From 62bc8197665142b3df92bee48119144041d0efab Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Oct 2021 11:38:07 +0530
Subject: [PATCH 01/82] fixing bugs in fields.sh

---
 aws-observability-terraform/fields.sh | 28 +++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/aws-observability-terraform/fields.sh b/aws-observability-terraform/fields.sh
index e912f0f3..f513a461 100644
--- a/aws-observability-terraform/fields.sh
+++ b/aws-observability-terraform/fields.sh
@@ -42,31 +42,32 @@ function should_create_fields() {
 
     if ! jq -e <<< "${RESPONSE}" ; then
         printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
-        # Function returning with faliure
-        return 1
+        # Credential Issue
+        return 2
     fi
     
     if ! jq -e '.remaining' <<< "${RESPONSE}" ; then
         printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
-        # Function returning with faliure
-        return 1
+        # Permissions/credential issuses
+        return 3
     fi
 
     local REMAINING
     readonly REMAINING=$(jq -e '.remaining' <<< "${RESPONSE}")
   
-    #if [[ $(( REMAINING - ${#awso_list[*]} )) -ge 13 ]] ; then
     if [ $REMAINING -ge ${#awso_list[*]} ] ; then
         # Function returning with success
         return 0
     else
-        # Function returning with faliure
+        # Capacity not enough to create new fields
         return 1
     fi
 }
 
+should_create_fields
+outputVal=$?
 # Sumo Logic fields in field schema - Decide to import
-if should_create_fields ; then
+if [ $outputVal == 0 ] ; then
     # Get list of all fields present in field schema of user's Sumo Logic org.
     readonly FIELDS_RESPONSE="$(curl -XGET -s \
         -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
@@ -82,8 +83,19 @@ if should_create_fields ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
-else
+elif [ $outputVal == 1 ] ; then
     echo "Couldn't automatically create fields"
     echo "You do not have enough field capacity to create the required fields automatically."
     echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+elif [ $outputVal == 2 ] ; then
+    echo "Error in calling Sumo Logic Fields API."
+    echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
+elif [ $outputVal == 3 ] ; then
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+else
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 fi
\ No newline at end of file

From 7b9c6c4856eb95d0fc714d0aabdd3b048615a8b0 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Oct 2021 11:44:54 +0530
Subject: [PATCH 02/82] Revert "fixing bugs in fields.sh"

This reverts commit 62bc8197665142b3df92bee48119144041d0efab.
---
 aws-observability-terraform/fields.sh | 28 ++++++++-------------------
 1 file changed, 8 insertions(+), 20 deletions(-)

diff --git a/aws-observability-terraform/fields.sh b/aws-observability-terraform/fields.sh
index f513a461..e912f0f3 100644
--- a/aws-observability-terraform/fields.sh
+++ b/aws-observability-terraform/fields.sh
@@ -42,32 +42,31 @@ function should_create_fields() {
 
     if ! jq -e <<< "${RESPONSE}" ; then
         printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
-        # Credential Issue
-        return 2
+        # Function returning with faliure
+        return 1
     fi
     
     if ! jq -e '.remaining' <<< "${RESPONSE}" ; then
         printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
-        # Permissions/credential issuses
-        return 3
+        # Function returning with faliure
+        return 1
     fi
 
     local REMAINING
     readonly REMAINING=$(jq -e '.remaining' <<< "${RESPONSE}")
   
+    #if [[ $(( REMAINING - ${#awso_list[*]} )) -ge 13 ]] ; then
     if [ $REMAINING -ge ${#awso_list[*]} ] ; then
         # Function returning with success
         return 0
     else
-        # Capacity not enough to create new fields
+        # Function returning with faliure
         return 1
     fi
 }
 
-should_create_fields
-outputVal=$?
 # Sumo Logic fields in field schema - Decide to import
-if [ $outputVal == 0 ] ; then
+if should_create_fields ; then
     # Get list of all fields present in field schema of user's Sumo Logic org.
     readonly FIELDS_RESPONSE="$(curl -XGET -s \
         -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
@@ -83,19 +82,8 @@ if [ $outputVal == 0 ] ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
-elif [ $outputVal == 1 ] ; then
+else
     echo "Couldn't automatically create fields"
     echo "You do not have enough field capacity to create the required fields automatically."
     echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
-elif [ $outputVal == 2 ] ; then
-    echo "Error in calling Sumo Logic Fields API."
-    echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
-elif [ $outputVal == 3 ] ; then
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
-    echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
-else
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
-    echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 fi
\ No newline at end of file

From f4ac9e075227c9d711e439beed194f028e3cf7ee Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Mon, 4 Apr 2022 19:06:02 +0530
Subject: [PATCH 03/82] Added support to collect CloudWatch EC2 metrics using
 terraform.

---
 .../main_variables.auto.tfvars                     |  2 +-
 .../cloudformation-module/variables.tf             |  4 ++--
 aws-observability-terraform/source-module/local.tf |  1 +
 .../source-module/variables.tf                     | 14 +++++++-------
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/aws-observability-terraform/cloudformation-module/main_variables.auto.tfvars b/aws-observability-terraform/cloudformation-module/main_variables.auto.tfvars
index 5b96a96a..972de93f 100644
--- a/aws-observability-terraform/cloudformation-module/main_variables.auto.tfvars
+++ b/aws-observability-terraform/cloudformation-module/main_variables.auto.tfvars
@@ -26,7 +26,7 @@ Section3aInstallObservabilityApps = "Yes"
 ## Sumo Logic AWS CloudWatch Metrics Sources ##
 # Visit - https://help.sumologic.com/Solutions/AWS_Observability_Solution/03_Set_Up_the_AWS_Observability_Solution#sumo-logic-aws-cloudwatch-metrics-and-inventory-source
 Section4aCreateMetricsSourceOptions     = "Kinesis Firehose Metrics Source"
-Section4bMetricsNameSpaces              = "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS"
+Section4bMetricsNameSpaces              = "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2"
 Section4cCloudWatchExistingSourceAPIUrl = ""
 
 ## Sumo Logic AWS ALB Log Source ##
diff --git a/aws-observability-terraform/cloudformation-module/variables.tf b/aws-observability-terraform/cloudformation-module/variables.tf
index bf5605e8..7c547067 100644
--- a/aws-observability-terraform/cloudformation-module/variables.tf
+++ b/aws-observability-terraform/cloudformation-module/variables.tf
@@ -98,8 +98,8 @@ variable "Section4aCreateMetricsSourceOptions" {
 }
 variable "Section4bMetricsNameSpaces" {
   type        = string
-  default     = "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS"
-  description = "Provide Comma delimited list of the namespaces which will be used for both AWS CLoudWatch Metrics and Inventory Sources. Default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS. AWS/AutoScaling will be appended to Namespaces for Inventory Sources."
+  default     = "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2"
+  description = "Provide Comma delimited list of the namespaces which will be used for both AWS CloudWatch Metrics and Inventory Sources. Default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2. AWS/AutoScaling will be appended to Namespaces for Inventory Sources."
 }
 variable "Section4cCloudWatchExistingSourceAPIUrl" {
   type        = string
diff --git a/aws-observability-terraform/source-module/local.tf b/aws-observability-terraform/source-module/local.tf
index b843dde7..4aa72fdc 100644
--- a/aws-observability-terraform/source-module/local.tf
+++ b/aws-observability-terraform/source-module/local.tf
@@ -118,5 +118,6 @@ locals {
     "NetworkELB"     = 60000,
     "SQS"            = 300000,
     "SNS"            = 300000,
+    "EC2"            = 300000,
   }
 }
\ No newline at end of file
diff --git a/aws-observability-terraform/source-module/variables.tf b/aws-observability-terraform/source-module/variables.tf
index 5ce8fe46..5ada5fa2 100644
--- a/aws-observability-terraform/source-module/variables.tf
+++ b/aws-observability-terraform/source-module/variables.tf
@@ -39,7 +39,7 @@ variable "access_key" {
 
 variable "cloudwatch_metrics_source_url" {
   type        = string
-  description = "Required if you are already collecting CloudWatch Metrics. Provide the existing Sumo Logic Metrics Source API URL. If the URL is of “CloudWatch Metric source” - account and accountID fields will be added to the Source.  If the URL is of “Kinesis Firehose Metrics source” - account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)."
+  description = "Required if you are already collecting CloudWatch Metrics. Provide the existing Sumo Logic Metrics Source API URL. If the URL is of “CloudWatch Metric source” - account and accountID fields will be added to the Source. If the URL is of “Kinesis Firehose Metrics source” - account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)."
   default = ""
 }
 
@@ -51,13 +51,13 @@ variable "cloudtrail_source_url" {
 
 variable "elb_log_source_url" {
   type        = string
-  description = "Required if you are already collecting ALB logs. Provide the existing Sumo Logic ALB Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)."
+  description = "Required if you are already collecting ALB logs. Provide the existing Sumo Logic ALB Source API URL. The account, accountid, and region fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)."
   default = ""
 }
 
 variable "classic_lb_log_source_url" {
   type        = string
-  description = "Required if you are already collecting Classic LB logs. Provide the existing Sumo Logic Classic LB Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)."
+  description = "Required if you are already collecting Classic LB logs. Provide the existing Sumo Logic Classic LB Source API URL. The account, accountid, and region fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)."
   default = ""
 }
 
@@ -384,7 +384,7 @@ variable "cloudwatch_metrics_source_details" {
     source_name         = "CloudWatch Metrics (Region)"
     source_category     = "aws/observability/cloudwatch/metrics"
     description         = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch metrics."
-    limit_to_namespaces = ["AWS/ApplicationELB", "AWS/ApiGateway", "AWS/DynamoDB", "AWS/Lambda", "AWS/RDS", "AWS/ECS", "AWS/ElastiCache", "AWS/ELB", "AWS/NetworkELB", "AWS/SQS", "AWS/SNS"]
+    limit_to_namespaces = ["AWS/ApplicationELB", "AWS/ApiGateway", "AWS/DynamoDB", "AWS/Lambda", "AWS/RDS", "AWS/ECS", "AWS/ElastiCache", "AWS/ELB", "AWS/NetworkELB", "AWS/SQS", "AWS/SNS", "AWS/EC2"]
     fields              = {}
     bucket_details = {
       create_bucket        = true
@@ -541,13 +541,13 @@ variable "inventory_source_details" {
     source_name         = "AWS Inventory (Region)"
     source_category     = "aws/observability/inventory"
     description         = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS inventory metadata."
-    limit_to_namespaces = ["AWS/ApplicationELB", "AWS/ApiGateway", "AWS/DynamoDB", "AWS/Lambda", "AWS/RDS", "AWS/ECS", "AWS/ElastiCache", "AWS/ELB", "AWS/NetworkELB", "AWS/SQS", "AWS/SNS", "AWS/AutoScaling"]
+    limit_to_namespaces = ["AWS/ApplicationELB", "AWS/ApiGateway", "AWS/DynamoDB", "AWS/Lambda", "AWS/RDS", "AWS/ECS", "AWS/ElastiCache", "AWS/ELB", "AWS/NetworkELB", "AWS/SQS", "AWS/SNS", "AWS/AutoScaling", "AWS/EC2"]
     fields              = {}
   }
   validation {
     # regex check that each element of the input namespaces is one of the accepted values, contains check if any of the can function returns was false, return false from logical if any of the returns were false
-    condition     = contains([for namespace in var.inventory_source_details.limit_to_namespaces : can(regex("AWS/(?:ApplicationELB|ApiGateway|DynamoDB|Lambda|RDS|ECS|ElastiCache|ELB|NetworkELB|SQS|SNS|AutoScaling)", namespace))], false) != true
-    error_message = "Namespaces should be from provided default list \"AWS/ApplicationELB\", \"AWS/ApiGateway\", \"AWS/DynamoDB\", \"AWS/Lambda\", \"AWS/RDS\", \"AWS/ECS\", \"AWS/ElastiCache\", \"AWS/ELB\", \"AWS/NetworkELB\", \"AWS/SQS\", \"AWS/SNS\", \"AWS/AutoScaling\"."
+    condition     = contains([for namespace in var.inventory_source_details.limit_to_namespaces : can(regex("AWS/(?:ApplicationELB|ApiGateway|DynamoDB|Lambda|RDS|ECS|ElastiCache|ELB|NetworkELB|SQS|SNS|AutoScaling|EC2)", namespace))], false) != true
+    error_message = "Namespaces should be from provided default list \"AWS/ApplicationELB\", \"AWS/ApiGateway\", \"AWS/DynamoDB\", \"AWS/Lambda\", \"AWS/RDS\", \"AWS/ECS\", \"AWS/ElastiCache\", \"AWS/ELB\", \"AWS/NetworkELB\", \"AWS/SQS\", \"AWS/SNS\", \"AWS/AutoScaling\", \"AWS/EC2\"."
   }
 }
 

From 386e474ebe3b9c1e91fa02ce65b3015893551068 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Tue, 5 Apr 2022 14:38:43 +0530
Subject: [PATCH 04/82] Minor text fixes in variables file and updates to
 README.md file based on changes in variables file.

---
 aws-observability-terraform/source-module/README.md    | 10 +++++-----
 aws-observability-terraform/source-module/variables.tf |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/aws-observability-terraform/source-module/README.md b/aws-observability-terraform/source-module/README.md
index f7169348..15e0e215 100644
--- a/aws-observability-terraform/source-module/README.md
+++ b/aws-observability-terraform/source-module/README.md
@@ -72,25 +72,25 @@
 | <a name="input_auto_enable_logs_subscription"></a> [auto\_enable\_logs\_subscription](#input\_auto\_enable\_logs\_subscription) | Subscribe log groups to Sumo Logic Lambda Forwarder.<br>            You have the following options:<br>            New - Automatically subscribes new log groups to send logs to Sumo Logic.<br>            Existing - Automatically subscribes existing log groups to send logs to Sumo Logic.<br>            Both - Automatically subscribes new and existing log groups.<br>            None - Skips Automatic subscription. | `string` | `"Both"` | no |
 | <a name="input_auto_enable_logs_subscription_options"></a> [auto\_enable\_logs\_subscription\_options](#input\_auto\_enable\_logs\_subscription\_options) | filter - Enter regex for matching logGroups. Regex will check for the name. Visit https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Auto-Subscribe_AWS_Log_Groups_to_a_Lambda_Function#Configuring_parameters | <pre>object({<br>    filter = string<br>  })</pre> | <pre>{<br>  "filter": "lambda"<br>}</pre> | no |
 | <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            Please leave this blank if you are going to deploy the solution in multiple AWS accounts.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
-| <a name="input_classic_lb_log_source_url"></a> [classic\_lb\_log\_source\_url](#input\_classic\_lb\_log\_source\_url) | Required if you are already collecting Classic LB logs. Provide the existing Sumo Logic Classic LB Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
+| <a name="input_classic_lb_log_source_url"></a> [classic\_lb\_log\_source\_url](#input\_classic\_lb\_log\_source\_url) | Required if you are already collecting Classic LB logs. Provide the existing Sumo Logic Classic LB Source API URL. The account, accountid, and region fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
 | <a name="input_classic_lb_source_details"></a> [classic\_lb\_source\_details](#input\_classic\_lb\_source\_details) | Provide details for the Sumo Logic Classic Load Balancer source. If not provided, then defaults will be used.<br>            To enable collection of classic load balancer logs, set collect\_classic\_lb\_logs to true and provide configuration information for the bucket.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive Classic LB access logs. If this is blank, Sumo Logic will store logs in the path expression: *classicloadbalancing/AWSLogs/*/elasticloadbalancing/*/* | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "*classicloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/clb/logs",<br>  "source_name": "Classic lb Logs (Region)"<br>}</pre> | no |
 | <a name="input_cloudtrail_source_details"></a> [cloudtrail\_source\_details](#input\_cloudtrail\_source\_details) | Provide details for the Sumo Logic CloudTrail source. If not provided, then defaults will be used.<br>            To enable, set collect\_cloudtrail\_logs to true and provide configuration information for the bucket at bucket\_details.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store CloudTrail logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive CloudTrail logs. If this is blank, Sumo Logic will store logs in the path expression AWSLogs/*/CloudTrail/*/*. | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "AWSLogs/<ACCOUNT-ID>/CloudTrail/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS cloudtrail logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/cloudtrail/logs",<br>  "source_name": "CloudTrail Logs (Region)"<br>}</pre> | no |
 | <a name="input_cloudtrail_source_url"></a> [cloudtrail\_source\_url](#input\_cloudtrail\_source\_url) | Required if you are already collecting CloudTrail logs. Provide the existing Sumo Logic CloudTrail Source API URL. The account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
 | <a name="input_cloudwatch_logs_source_details"></a> [cloudwatch\_logs\_source\_details](#input\_cloudwatch\_logs\_source\_details) | Provide details for the Sumo Logic Cloudwatch Logs source. If not provided, then defaults will be used.<br><br>            Use bucket\_details section with Kinesis Firehose Log Source:<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store cloudwatch logs. If this is empty, a new bucket will be created.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br><br>            Use lambda\_log\_forwarder\_config section with Lambda Log Forwarder:<br>            Provide your email\_id to receive alerts. You will receive a confirmation email after the deployment is complete. Follow the instructions in this email to validate the address.<br>            IncludeLogGroupInfo:  Set to true to include loggroup/logstream values in logs. For AWS Lambda logs, IncludeLogGroupInfo must be set to true<br>            logformat: For Lambda, the value should be set to “Others”.<br>            log\_stream\_prefix: Enter a comma-separated list of logStream name prefixes to filter by logStream. Please note this is separate from a logGroup. This is used to only send certain logStreams within a CloudWatch logGroup(s). LogGroup(s) still need to be subscribed to the created Lambda function.<br>            workers: Number of lambda function invocations for Cloudwatch logs source Dead Letter Queue processing. | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    fields          = map(string)<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      force_destroy_bucket = bool<br>    })<br>    lambda_log_forwarder_config = object({<br>      email_id               = string<br>      workers                = number<br>      log_format             = string<br>      include_log_group_info = bool<br>      log_stream_prefix      = list(string)<br>    })<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch Logs.",<br>  "fields": {},<br>  "lambda_log_forwarder_config": {<br>    "email_id": "test@gmail.com",<br>    "include_log_group_info": true,<br>    "log_format": "Others",<br>    "log_stream_prefix": [],<br>    "workers": 4<br>  },<br>  "source_category": "aws/observability/cloudwatch/logs",<br>  "source_name": "CloudWatch Logs (Region)"<br>}</pre> | no |
 | <a name="input_cloudwatch_logs_source_url"></a> [cloudwatch\_logs\_source\_url](#input\_cloudwatch\_logs\_source\_url) | Required if you are already collecting AWS Lambda CloudWatch logs. Provide the existing Sumo Logic AWS Lambda CloudWatch Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
-| <a name="input_cloudwatch_metrics_source_details"></a> [cloudwatch\_metrics\_source\_details](#input\_cloudwatch\_metrics\_source\_details) | Provide details for the Sumo Logic Cloudwatch Metrics source. If not provided, then defaults will be used.<br>            limit\_to\_namespaces - Enter a comma-delimited list of the namespaces which will be used for both AWS CloudWatch Metrics Source.<br>            See this list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    description         = string<br>    limit_to_namespaces = list(string)<br>    fields              = map(string)<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      force_destroy_bucket = bool<br>    })<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch metrics.",<br>  "fields": {},<br>  "limit_to_namespaces": [<br>    "AWS/ApplicationELB",<br>    "AWS/ApiGateway",<br>    "AWS/DynamoDB",<br>    "AWS/Lambda",<br>    "AWS/RDS",<br>    "AWS/ECS",<br>    "AWS/ElastiCache",<br>    "AWS/ELB",<br>    "AWS/NetworkELB",<br>    "AWS/SQS",<br>    "AWS/SNS"<br>  ],<br>  "source_category": "aws/observability/cloudwatch/metrics",<br>  "source_name": "CloudWatch Metrics (Region)"<br>}</pre> | no |
-| <a name="input_cloudwatch_metrics_source_url"></a> [cloudwatch\_metrics\_source\_url](#input\_cloudwatch\_metrics\_source\_url) | Required if you are already collecting CloudWatch Metrics. Provide the existing Sumo Logic Metrics Source API URL. If the URL is of “CloudWatch Metric source” - account and accountID fields will be added to the Source.  If the URL is of “Kinesis Firehose Metrics source” - account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
+| <a name="input_cloudwatch_metrics_source_details"></a> [cloudwatch\_metrics\_source\_details](#input\_cloudwatch\_metrics\_source\_details) | Provide details for the Sumo Logic Cloudwatch Metrics source. If not provided, then defaults will be used.<br>            limit\_to\_namespaces - Enter a comma-delimited list of the namespaces which will be used for both AWS CloudWatch Metrics Source.<br>            See this list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    description         = string<br>    limit_to_namespaces = list(string)<br>    fields              = map(string)<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      force_destroy_bucket = bool<br>    })<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch metrics.",<br>  "fields": {},<br>  "limit_to_namespaces": [<br>    "AWS/ApplicationELB",<br>    "AWS/ApiGateway",<br>    "AWS/DynamoDB",<br>    "AWS/Lambda",<br>    "AWS/RDS",<br>    "AWS/ECS",<br>    "AWS/ElastiCache",<br>    "AWS/ELB",<br>    "AWS/NetworkELB",<br>    "AWS/SQS",<br>    "AWS/SNS",<br>    "AWS/EC2"<br>  ],<br>  "source_category": "aws/observability/cloudwatch/metrics",<br>  "source_name": "CloudWatch Metrics (Region)"<br>}</pre> | no |
+| <a name="input_cloudwatch_metrics_source_url"></a> [cloudwatch\_metrics\_source\_url](#input\_cloudwatch\_metrics\_source\_url) | Required if you are already collecting CloudWatch Metrics. Provide the existing Sumo Logic Metrics Source API URL. If the URL is of “CloudWatch Metric source” - account and accountID fields will be added to the Source. If the URL is of “Kinesis Firehose Metrics source” - account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
 | <a name="input_collect_classic_lb_logs"></a> [collect\_classic\_lb\_logs](#input\_collect\_classic\_lb\_logs) | Create a Sumo Logic Classic LB Logs Source.<br>            You have the following options:<br>			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects classic load balancer logs from an existing bucket or a new bucket.<br>			If true, please configure \"classic\_lb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.<br>			false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no |
 | <a name="input_collect_cloudtrail_logs"></a> [collect\_cloudtrail\_logs](#input\_collect\_cloudtrail\_logs) | Create a Sumo Logic CloudTrail Logs Source.<br>            You have the following options:<br>			true - to ingest cloudtrail logs into Sumo Logic. Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.<br>			If true, please configure \"cloudtrail\_source\_details\" with configuration information to ingest cloudtrail logs.<br>			false - you are already ingesting cloudtrail logs into Sumo Logic. | `bool` | `true` | no |
 | <a name="input_collect_cloudwatch_logs"></a> [collect\_cloudwatch\_logs](#input\_collect\_cloudwatch\_logs) | Select the kind of Sumo Logic CloudWatch Logs Sources to create<br>            You have the following options:<br>            "Lambda Log Forwarder" - Creates a Sumo Logic CloudWatch Log Source that collects CloudWatch logs via a Lambda function.<br>            "Kinesis Firehose Log Source" - Creates a Sumo Logic Kinesis Firehose Log Source to collect CloudWatch logs.<br>            "None" - Skips installation of both sources. | `string` | `"Kinesis Firehose Log Source"` | no |
 | <a name="input_collect_cloudwatch_metrics"></a> [collect\_cloudwatch\_metrics](#input\_collect\_cloudwatch\_metrics) | Select the kind of CloudWatch Metrics Source to create<br>            You have the following options:<br>            "CloudWatch Metrics Source" - Creates Sumo Logic AWS CloudWatch Metrics Sources.<br>            "Kinesis Firehose Metrics Source" (Recommended) - Creates a Sumo Logic AWS Kinesis Firehose for Metrics Source. Note: This new source has cost and performance benefits over the CloudWatch Metrics Source and is therefore recommended.<br>            "None" - Skips the Installation of both the Sumo Logic Metric Sources | `string` | `"Kinesis Firehose Metrics Source"` | no |
 | <a name="input_collect_elb_logs"></a> [collect\_elb\_logs](#input\_collect\_elb\_logs) | Create a Sumo Logic ALB Logs Source.<br>            You have the following options:<br>			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects application load balancer logs from an existing bucket or a new bucket.<br>			If true, please configure \"elb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.<br>			false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no |
 | <a name="input_collect_root_cause_data"></a> [collect\_root\_cause\_data](#input\_collect\_root\_cause\_data) | Select the Sumo Logic Root Cause Explorer Source.<br>            You have the following options:<br>            Inventory Source - Creates a Sumo Logic Inventory Source used by Root Cause Explorer.<br>            Xray Source - Creates a Sumo Logic AWS X-Ray Source that collects X-Ray Trace Metrics from your AWS account.<br>            Both - Install both Inventory and Xray sources.<br>            None - Skips installation of both sources. | `string` | `"Both"` | no |
-| <a name="input_elb_log_source_url"></a> [elb\_log\_source\_url](#input\_elb\_log\_source\_url) | Required if you are already collecting ALB logs. Provide the existing Sumo Logic ALB Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
+| <a name="input_elb_log_source_url"></a> [elb\_log\_source\_url](#input\_elb\_log\_source\_url) | Required if you are already collecting ALB logs. Provide the existing Sumo Logic ALB Source API URL. The account, accountid, and region fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no |
 | <a name="input_elb_source_details"></a> [elb\_source\_details](#input\_elb\_source\_details) | Provide details for the Sumo Logic ALB source. If not provided, then defaults will be used.<br>            To enable collection of application load balancer logs, set collect\_elb\_logs to true and provide configuration information for the bucket.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *elasticloadbalancing/AWSLogs/*/elasticloadbalancing/*/* | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "*elasticloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Application LoadBalancer logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/alb/logs",<br>  "source_name": "Elb Logs (Region)"<br>}</pre> | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_existing_iam_details"></a> [existing\_iam\_details](#input\_existing\_iam\_details) | Provide an existing AWS IAM role arn value which provides access to AWS S3 Buckets, AWS CloudWatch Metrics API and Sumo Logic Inventory data.<br>			If kept empty, a new IAM role will be created with the required permissions.<br>			For more details on permissions, check the iam policy tmpl files at /source-module/templates folder. | <pre>object({<br>    create_iam_role = bool<br>    iam_role_arn    = string<br>  })</pre> | <pre>{<br>  "create_iam_role": true,<br>  "iam_role_arn": ""<br>}</pre> | no |
-| <a name="input_inventory_source_details"></a> [inventory\_source\_details](#input\_inventory\_source\_details) | Provide details for the Sumo Logic AWS Inventory source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    description         = string<br>    limit_to_namespaces = list(string)<br>    fields              = map(string)<br>  })</pre> | <pre>{<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS inventory metadata.",<br>  "fields": {},<br>  "limit_to_namespaces": [<br>    "AWS/ApplicationELB",<br>    "AWS/ApiGateway",<br>    "AWS/DynamoDB",<br>    "AWS/Lambda",<br>    "AWS/RDS",<br>    "AWS/ECS",<br>    "AWS/ElastiCache",<br>    "AWS/ELB",<br>    "AWS/NetworkELB",<br>    "AWS/SQS",<br>    "AWS/SNS",<br>    "AWS/AutoScaling"<br>  ],<br>  "source_category": "aws/observability/inventory",<br>  "source_name": "AWS Inventory (Region)"<br>}</pre> | no |
+| <a name="input_inventory_source_details"></a> [inventory\_source\_details](#input\_inventory\_source\_details) | Provide details for the Sumo Logic AWS Inventory source. If not provided, then defaults will be used. | <pre>object({<br>    source_name         = string<br>    source_category     = string<br>    description         = string<br>    limit_to_namespaces = list(string)<br>    fields              = map(string)<br>  })</pre> | <pre>{<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS inventory metadata.",<br>  "fields": {},<br>  "limit_to_namespaces": [<br>    "AWS/ApplicationELB",<br>    "AWS/ApiGateway",<br>    "AWS/DynamoDB",<br>    "AWS/Lambda",<br>    "AWS/RDS",<br>    "AWS/ECS",<br>    "AWS/ElastiCache",<br>    "AWS/ELB",<br>    "AWS/NetworkELB",<br>    "AWS/SQS",<br>    "AWS/SNS",<br>    "AWS/AutoScaling",<br>    "AWS/EC2"<br>  ],<br>  "source_category": "aws/observability/inventory",<br>  "source_name": "AWS Inventory (Region)"<br>}</pre> | no |
 | <a name="input_sumologic_collector_details"></a> [sumologic\_collector\_details](#input\_sumologic\_collector\_details) | Provide details for the Sumo Logic collector. If not provided, then defaults will be used.<br>			The Collector will be created if any new source will be created and \"sumologic\_existing\_collector\_id\" is empty. | <pre>object({<br>    collector_name = string<br>    description    = string<br>    fields         = map(string)<br>  })</pre> | <pre>{<br>  "collector_name": "AWS Observability (AWS Account Alias) (Account ID)",<br>  "description": "This collector is created using Sumo Logic terraform AWS Observability module.",<br>  "fields": {}<br>}</pre> | no |
 | <a name="input_sumologic_existing_collector_details"></a> [sumologic\_existing\_collector\_details](#input\_sumologic\_existing\_collector\_details) | Provide an existing Sumo Logic Collector ID. For more details, visit https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration<br>			If provided, all the provided sources will be created within the collector.<br>			If kept empty, a new Collector will be created and all provided sources will be created within that collector. | <pre>object({<br>    create_collector = bool<br>    collector_id     = string<br>  })</pre> | <pre>{<br>  "collector_id": "",<br>  "create_collector": true<br>}</pre> | no |
 | <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
diff --git a/aws-observability-terraform/source-module/variables.tf b/aws-observability-terraform/source-module/variables.tf
index 5ada5fa2..c808e8a7 100644
--- a/aws-observability-terraform/source-module/variables.tf
+++ b/aws-observability-terraform/source-module/variables.tf
@@ -470,7 +470,7 @@ variable "cloudwatch_logs_source_details" {
   }
   validation {
     condition     = contains(["VPC-RAW", "VPC-JSON", "Others"], var.cloudwatch_logs_source_details.lambda_log_forwarder_config.log_format)
-    error_message = "Log format service must be be one of VPC-RAW, VPC-JSON, or Others."
+    error_message = "Log format service must be one of VPC-RAW, VPC-JSON, or Others."
   }
 }
 

From 301fd3ecd4efa4a7153726e80c9533c049c15217 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Thu, 7 Apr 2022 11:26:12 +0530
Subject: [PATCH 05/82] Initial checkin to collect CW metrics for EC2 with CF.

---
 aws-observability/apps/common/resources.template.yaml    | 9 +++++----
 aws-observability/apps/common/test/TestTemplate.yaml     | 4 ++--
 .../scripts/DeployTemplate/parameters-default.json       | 2 +-
 .../sumologic_observability.master.template.yaml         | 4 ++--
 4 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml
index b6e95399..6694b6dc 100755
--- a/aws-observability/apps/common/resources.template.yaml
+++ b/aws-observability/apps/common/resources.template.yaml
@@ -79,8 +79,8 @@ Parameters:
     Description: "Provide a Cloud Watch Metrics Source Name"
     Default: ""
   CloudWatchMetricsNameSpaces:
-    Default: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS"
-    Description: "Provide Comma delimited list of the namespaces. Default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS. See the list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html"
+    Default: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2"
+    Description: "Provide Comma delimited list of the namespaces. Default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2. See the list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html"
     Type: String
   ScanInterval:
     Default: 300000
@@ -904,7 +904,7 @@ Resources:
           LOGGER.setLevel(logging.INFO)
           # Update the Default value whenever CF starts supporting More Namespaces
           default = ["AWS/ApplicationELB", "AWS/ApiGateway", "AWS/DynamoDB", "AWS/Lambda", "AWS/RDS", "AWS/ECS",
-                     "AWS/ElastiCache", "AWS/ELB", "AWS/NetworkELB", "AWS/SQS", "AWS/SNS"]
+                     "AWS/ElastiCache", "AWS/ELB", "AWS/NetworkELB", "AWS/SQS", "AWS/SNS", "AWS/EC2"]
           cw_metrics_specific = ["SQS", "SNS"]
 
           def lambda_handler(event, context):
@@ -999,7 +999,8 @@ Resources:
         ThirdMetricsSourceNamespace: "ELB"
         CreateFourthMetricsSource: !GetAtt Primerinvoke.NetworkELB
         FourthMetricsSourceNamespace: "NetworkELB"
-        CreateFifthMetricsSource: "No"
+        CreateFifthMetricsSource: !GetAtt Primerinvoke.EC2
+        FifthMetricsSourceNamespace: "EC2"
 
   CloudWatchMetricsThirdStack:
     Type: AWS::CloudFormation::Stack
diff --git a/aws-observability/apps/common/test/TestTemplate.yaml b/aws-observability/apps/common/test/TestTemplate.yaml
index ba160cbc..f8189364 100644
--- a/aws-observability/apps/common/test/TestTemplate.yaml
+++ b/aws-observability/apps/common/test/TestTemplate.yaml
@@ -37,7 +37,7 @@ Tests:
         MetaDataSourceName: 'Sourabh MetaData Source'
         CreateCloudWatchMetricsSource: 'Yes'
         CloudWatchMetricsSourceName: 'Sourabh CW Metrics Source'
-        CloudWatchMetricsNameSpaces: 'AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS'
+        CloudWatchMetricsNameSpaces: 'AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2'
         CreateALBLogSource: 'Yes'
         CreateALBS3Bucket: 'Yes'
         ALBS3LogsBucketName: 'cf-templates-1qpf3unpuo1hw-ap-south-1'
@@ -183,7 +183,7 @@ Tests:
             CreateFifthMetricsSource: 'No'
             FifthMetricsSourceNamespace: ''
           KinesisFirehoseMetricsStack:
-            Section1bNamespaceFilter: 'AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS'
+            Section1bNamespaceFilter: 'AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2'
             Section2aCreateS3Bucket: 'No'
             Section2bFailedDataS3Bucket: "aws-observability-logs"
           KinesisFirehoseLogsStack:
diff --git a/aws-observability/scripts/DeployTemplate/parameters-default.json b/aws-observability/scripts/DeployTemplate/parameters-default.json
index 41979189..fd13e7a8 100644
--- a/aws-observability/scripts/DeployTemplate/parameters-default.json
+++ b/aws-observability/scripts/DeployTemplate/parameters-default.json
@@ -7,7 +7,7 @@
     "Section2aAccountAlias=",
     "Section3aInstallObservabilityApps=No",
     "Section4aCreateMetricsSourceOptions=None",
-    "Section4bMetricsNameSpaces=AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS",
+    "Section4bMetricsNameSpaces=AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2",
     "Section4cCloudWatchExistingSourceAPIUrl=",
     "Section5aAutoEnableS3LogsALBResourcesOptions=None",
     "Section5bALBCreateLogSource=No",
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml
index 52920f67..b203d910 100755
--- a/aws-observability/templates/sumologic_observability.master.template.yaml
+++ b/aws-observability/templates/sumologic_observability.master.template.yaml
@@ -221,8 +221,8 @@ Parameters:
       - 'Kinesis Firehose Metrics Source'
       - 'None'
   Section4bMetricsNameSpaces:
-    Default: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS"
-    Description: "Provide Comma delimited list of the namespaces which will be used for both AWS CloudWatch Metrics and Inventory Sources. Default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS. AWS/AutoScaling will be appended to Namespaces for Inventory Sources. See the list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html"
+    Default: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2"
+    Description: "Provide Comma delimited list of the namespaces which will be used for both AWS CloudWatch Metrics and Inventory Sources. Default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/SQS, AWS/SNS, AWS/EC2. AWS/AutoScaling will be appended to Namespaces for Inventory Sources. See the list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html"
     Type: String
   Section4cCloudWatchExistingSourceAPIUrl:
     Type: String

From b732a998a3866b4ddd37e0ef0d82a96e6bebd2b6 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Thu, 7 Apr 2022 14:27:31 +0530
Subject: [PATCH 06/82] Updated cloudformation test template for EC2 metric
 collection and inventory source test.

---
 aws-observability/templates/test/TestTemplate.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/aws-observability/templates/test/TestTemplate.yaml b/aws-observability/templates/test/TestTemplate.yaml
index e806a6b0..658524ce 100644
--- a/aws-observability/templates/test/TestTemplate.yaml
+++ b/aws-observability/templates/test/TestTemplate.yaml
@@ -19,7 +19,7 @@ Tests:
         Section1dSumoLogicOrganizationId: '${US1_ENTERPRISE_ORG_ID}'
         Section2aAccountAlias: ''
         Section2bAccountAliasMappingS3URL: ''
-        Section4bMetricsNameSpaces: 'AWS/ApiGateway, AWS/DynamoDB, AWS/ElastiCache, AWS/SQS, AWS/SNS'
+        Section4bMetricsNameSpaces: 'AWS/ApiGateway, AWS/DynamoDB, AWS/ElastiCache, AWS/SQS, AWS/SNS, AWS/EC2'
     Assertions:
       - AssertType: ResourceExistence
         Assert:
@@ -1131,7 +1131,7 @@ Tests:
         Section7aLambdaCreateCloudWatchLogsSourceOptions: 'Lambda Log Forwarder'
         Section7cAutoSubscribeLogGroupsLambdaOptions: 'New'
         Section8aRootCauseExplorerOptions: 'Xray Source'
-        Section4bMetricsNameSpaces: 'AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/ApplicationELB, AWS/RDS, AWS/SQS'
+        Section4bMetricsNameSpaces: 'AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/ApplicationELB, AWS/RDS, AWS/SQS, AWS/EC2'
         Section9aAutoEnableS3LogsELBResourcesOptions: 'New'
         Section9bELBCreateLogSource: 'Yes'
     Assertions:
@@ -2059,7 +2059,7 @@ Tests:
         Section6dCloudTrailBucketPathExpression: '*abc*'
         Section7aLambdaCreateCloudWatchLogsSourceOptions: 'None'
         Section8aRootCauseExplorerOptions: 'Inventory Source'
-        Section4bMetricsNameSpaces: 'AWS/ApiGateway, AWS/DynamoDB, AWS/ElastiCache'
+        Section4bMetricsNameSpaces: 'AWS/ApiGateway, AWS/DynamoDB, AWS/ElastiCache, AWS/EC2'
         Section9aAutoEnableS3LogsELBResourcesOptions: 'None'
         Section9bELBCreateLogSource: 'Yes'
     Assertions:

From e00a0a0817aed4cab5608d7b558dd031b868f49e Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Wed, 4 May 2022 22:17:14 +0530
Subject: [PATCH 07/82] updated dynamodb overview and threatintel dashboards to
 handle filters and threatintel query optimization.

---
 aws-observability/json/DynamoDb-App.json | 181 ++++++++++++++++++-----
 1 file changed, 144 insertions(+), 37 deletions(-)

diff --git a/aws-observability/json/DynamoDb-App.json b/aws-observability/json/DynamoDb-App.json
index 6bf0995a..aa4492ad 100644
--- a/aws-observability/json/DynamoDb-App.json
+++ b/aws-observability/json/DynamoDb-App.json
@@ -8,7 +8,6 @@
             "name": "1. AWS DynamoDB - Capacity Planning",
             "description": "See the details of your DynamoDB capacity including the provisioned read/write consumed, read/write throttle events, and throttled requests.",
             "title": "1. AWS DynamoDB - Capacity Planning",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -98,22 +97,26 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ProvisionedReadCapacityUnits Statistic=Maximum | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ConsumedReadCapacityUnits Statistic=Maximum | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -132,22 +135,26 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ProvisionedWriteCapacityUnits Statistic=Maximum  | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ConsumedWriteCapacityUnits Statistic=Maximum  | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -166,12 +173,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*get* or operation=*scan* or operation=*query*) | sum by account, region, namespace, tablename, operation",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -190,12 +199,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*get* or operation=*scan* or operation=*query*) | sum by account, region, namespace, tablename, operation",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -214,12 +225,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*update* or operation=*put* or operation=*delete* or operation=*write*) | sum by account, region, namespace, tablename, operation",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -238,12 +251,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*update* or operation=*put* or operation=*delete* or operation=*write*) | sum by account, region, namespace, tablename, operation",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -262,12 +277,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ReadThrottleEvents Statistic=sum | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -286,12 +303,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=WriteThrottleEvents Statistic=sum | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -310,22 +329,26 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxReads Statistic=Average | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxTableLevelReads Statistic=Average | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -344,22 +367,26 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxWrites Statistic=Average | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxTableLevelWrites Statistic=Average | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -401,7 +428,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -415,7 +443,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -429,7 +458,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -443,7 +473,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -453,7 +484,6 @@
             "name": "1. AWS DynamoDB - Overview",
             "description": "See the overview of your DynamoDB environment including the events, errors, requests, users, and latency.",
             "title": "1. AWS DynamoDB - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -567,12 +597,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=AccountProvisionedWriteCapacityUtilization Statistic=Average | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -591,12 +623,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=UserErrors Statistic=SampleCount | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -615,12 +649,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=SystemErrors Statistic=SampleCount | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -639,12 +675,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=ConditionalCheckFailedRequests Statistic=SampleCount | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -663,12 +701,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=TransactionConflict Statistic=SampleCount | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -687,12 +727,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=Average  | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -711,12 +753,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=SampleCount  | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -735,22 +779,26 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=UserErrors Statistic=SampleCount | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=SystemErrors Statistic=SampleCount  | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -769,12 +817,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| timeslice 5m\n| count by EventName, _timeslice\n| transpose row _timeslice column EventName ",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -788,17 +838,19 @@
                     "id": null,
                     "key": "panelpane-064f62b0b148db44",
                     "title": "Top 10 Errors",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "Region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as Count by ErrorCode, ErrorMessage\n| sort by Count\n| limit 10",
+                            "transient": false,
+                            "queryString": "account={{account}} Region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isblank(tablename)\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as Count by ErrorCode, ErrorMessage\n| sort by Count\n| limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -812,17 +864,19 @@
                     "id": null,
                     "key": "panelpane-c0cb88ffbad6eb42",
                     "title": "Top 5 IAM Users",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} namespace={{namespace}} Region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as Count by UserName\n| sort Count \n| limit 5",
+                            "transient": false,
+                            "queryString": "account={{account}} namespace={{namespace}} Region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isblank(tablename)\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as Count by UserName\n| sort Count, UserName asc\n| limit 5",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -841,12 +895,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=AccountProvisionedReadCapacityUtilization Statistic=Average | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -860,17 +916,19 @@
                     "id": null,
                     "key": "panelPANE-4AD569BB8E29FA47",
                     "title": "Top 5 Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} namespace={{namespace}} Region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as count by EventName\n| sort count \n| limit 5",
+                            "transient": false,
+                            "queryString": "account={{account}} namespace={{namespace}} Region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isblank(tablename)\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as count by EventName\n| sort count, EventName asc\n| limit 5",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -916,12 +974,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum  | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -940,12 +1000,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} tablename={{tablename}} metric=ConditionalCheckFailedRequests Statistic=SampleCount  | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -969,7 +1031,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -983,7 +1046,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -997,7 +1061,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1011,7 +1076,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1021,7 +1087,6 @@
             "name": "2. AWS DynamoDB  - Latency and Errors",
             "description": "See the details of errors and latency of your DynamoDB including the user error, system error, failed request, and latency.",
             "title": "2. AWS DynamoDB  - Latency and Errors",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1079,12 +1144,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=Average (operation=*get* or operation=*scan* or operation=*query*) | sum by account, region, namespace, tablename, operation",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1103,12 +1170,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=Average (operation=*update* or operation=*put* or operation=*delete* or operation=*write*) | sum by account, region, namespace, tablename, operation",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1127,12 +1196,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} tablename={{tablename}} metric=ConditionalCheckFailedRequests Statistic=SampleCount | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1151,12 +1222,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} tablename={{tablename}} metric=TransactionConflict Statistic=SampleCount | sum by account, region, namespace, tablename",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1180,7 +1253,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1194,7 +1268,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1208,7 +1283,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1222,7 +1298,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1232,7 +1309,6 @@
             "name": "3. AWS DynamoDB - Events",
             "description": "See the details on events in your DynamoDB including the location, users, errors, updates, creations, and deletions to tables.",
             "title": "3. AWS DynamoDB - Events",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1302,12 +1378,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count by EventName\n| sort by _count, EventName asc\n| limit 5",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1326,12 +1404,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\" as EventName, Region, tablename, SourceIp, UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| timeslice 5m\n| count by EventName, _timeslice\n| transpose row _timeslice column EventName \n| fillmissing timeslice (5m)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1350,12 +1430,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\") and !isEmpty(ErrorCode)\n| count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1374,12 +1456,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count as count by UserName\n| sort count \n| limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1398,12 +1482,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\") and !isEmpty(ErrorCode)\n| count as Count by ErrorCode, ErrorMessage, EventName, UserName, SourceIp\n| sort by Count\n| limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1422,12 +1508,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"requestParameters.keySchema\", \"requestParameters.attributeDefinitions\", \"userAgent\", \"responseElements.tableDescription.provisionedThroughput\", \"userIdentity.sessionContext.attributes.mfaAuthenticated\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, TableSchema, AttributeDefinition, UserAgent, ProvisionedThroughput, MFAAuthenticated nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS\") as MessageDate\n| count as Count by MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated\n| sort by MessageDate\n| fields MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1446,12 +1534,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count by SourceIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = SourceIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1475,7 +1565,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1489,7 +1580,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1503,7 +1595,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1517,7 +1610,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1527,7 +1621,6 @@
             "name": "4. AWS DynamoDB - Threat Intel",
             "description": "See the details of IP threats including the count, location, and highly malicious IP threats.",
             "title": "4. AWS DynamoDB - Threat Intel",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1589,12 +1682,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
+                            "transient": false,
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1613,12 +1708,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by SourceIp, tablename\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, tablename, Actor, LabelName\n| sort by ThreatCount",
+                            "transient": false,
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp, tablename\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, tablename, Actor, LabelName\n| sort by ThreatCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1637,12 +1734,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
+                            "transient": false,
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount, MaliciousConfidence asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1656,17 +1755,19 @@
                     "id": null,
                     "key": "panelpane-c605d948852ffb48",
                     "title": "Malicious Confidence",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by malicious_confidence\n| sort by _count",
+                            "transient": false,
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum(ip_count) as ThreatCount by malicious_confidence\n| sort by ThreatCount, malicious_confidence asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1685,12 +1786,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by SourceIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = SourceIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| lookup latitude, longitude from geo://location on ip = SourceIp\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1714,7 +1817,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1728,7 +1832,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1742,7 +1847,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1756,7 +1862,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []

From ca974b1aa1cddd9a19f6c7252ba64f75eb2621c7 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Thu, 5 May 2022 10:49:16 +0530
Subject: [PATCH 08/82] Updated lambda cw logs FER for TF. Added new FER to
 extract namespace from generic CW logs in both CF and TF. Updated README.md

---
 .../app-modules/dynamodb/README.md            |  1 +
 .../app-modules/lambda/README.md              |  1 +
 .../app-modules/lambda/app.tf                 | 18 +++++++++++++--
 .../apps/lambda/lambda_app.template.yaml      | 23 ++++++++++++++++++-
 4 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/aws-observability-terraform/app-modules/dynamodb/README.md b/aws-observability-terraform/app-modules/dynamodb/README.md
index 9ee8b067..b6c48aae 100644
--- a/aws-observability-terraform/app-modules/dynamodb/README.md
+++ b/aws-observability-terraform/app-modules/dynamodb/README.md
@@ -27,6 +27,7 @@ No resources.
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      recipients            = list(string),<br>      subject               = string,<br>      time_zone             = string,<br>      message_body          = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
+| <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |
 | <a name="input_monitors_disabled"></a> [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no |
 
diff --git a/aws-observability-terraform/app-modules/lambda/README.md b/aws-observability-terraform/app-modules/lambda/README.md
index c5be3312..f2d3cd7d 100644
--- a/aws-observability-terraform/app-modules/lambda/README.md
+++ b/aws-observability-terraform/app-modules/lambda/README.md
@@ -27,6 +27,7 @@ No resources.
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      recipients            = list(string),<br>      subject               = string,<br>      time_zone             = string,<br>      message_body          = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
+| <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |
 | <a name="input_monitors_disabled"></a> [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no |
 
diff --git a/aws-observability-terraform/app-modules/lambda/app.tf b/aws-observability-terraform/app-modules/lambda/app.tf
index 59da4a1b..f8b8a55c 100644
--- a/aws-observability-terraform/app-modules/lambda/app.tf
+++ b/aws-observability-terraform/app-modules/lambda/app.tf
@@ -36,11 +36,25 @@ module "lambda_module" {
     },
     "CloudWatchFieldExtractionRule" = {
       name             = "AwsObservabilityLambdaCloudWatchLogsFER"
-      scope            = "account=* region=* namespace=aws/lambda _sourceHost=/aws/lambda/*"
+      scope            = "account=* region=* _sourceHost=/aws/lambda/*"
       parse_expression = <<EOT
               | parse field=_sourceHost "/aws/lambda/*" as functionname
               | tolowercase(functionname) as functionname
-              | fields functionname
+              | "aws/lambda" as namespace
+              | fields functionname, namespace
+      EOT
+      enabled          = true
+    },
+    "GenericCloudWatchLogsFieldExtractionRule" = {
+      name             = "AwsObservabilityGenericCloudWatchLogsFER"
+      scope            = "account=* region=* _sourceHost=/aws/*"
+      parse_expression = <<EOT
+              | "unknown" as namespace
+              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
+              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
+              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
+              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
+              | fields namespace
       EOT
       enabled          = true
     }
diff --git a/aws-observability/apps/lambda/lambda_app.template.yaml b/aws-observability/apps/lambda/lambda_app.template.yaml
index c0435e9e..d9ff4199 100755
--- a/aws-observability/apps/lambda/lambda_app.template.yaml
+++ b/aws-observability/apps/lambda/lambda_app.template.yaml
@@ -342,7 +342,28 @@ Resources:
           - " _sourceHost=/aws/lambda/*)"
       FieldExtractionRuleParseExpression: '| parse field=_sourceHost "/aws/lambda/*" as functionname
                                            | tolowercase(functionname) as functionname
-                                           | fields functionname'
+                                           | "aws/lambda" as namespace
+                                           | fields functionname, namespace'
+      FieldExtractionRuleParseEnabled: true
+      SumoAccessID: !Ref Section1bSumoAccessID
+      SumoAccessKey: !Ref Section1cSumoAccessKey
+      SumoDeployment: !Ref Section1aSumoDeployment
+  
+  GenericCloudWatchLogsFieldExtractionRule:
+    Type: Custom::SumoLogicFieldExtractionRule
+    Condition: create_cloudwatch_fer
+    DependsOn: AddFunctionNameField
+    Properties:
+      ServiceToken: !Ref Section7aParentStackLambdaARN
+      RemoveOnDeleteStack: false
+      FieldExtractionRuleName: "AwsObservabilityGenericCloudWatchLogsFER"
+      FieldExtractionRuleScope: "account=* region=* _sourceHost=/aws/*"
+      FieldExtractionRuleParseExpression: '| "unknown" as namespace
+              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
+              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
+              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
+              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
+              | fields namespace'
       FieldExtractionRuleParseEnabled: true
       SumoAccessID: !Ref Section1bSumoAccessID
       SumoAccessKey: !Ref Section1cSumoAccessKey

From fd83d8ddb97639203f1b996360c84822ae64fff8 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Mon, 9 May 2022 14:35:19 +0530
Subject: [PATCH 09/82] DynamoDB - Updated cloudtrail specific Events dashboard
 for various optimizations and query fixes / updates.

---
 aws-observability/json/DynamoDb-App.json | 40 ++++++++++++------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/aws-observability/json/DynamoDb-App.json b/aws-observability/json/DynamoDb-App.json
index aa4492ad..d2377235 100644
--- a/aws-observability/json/DynamoDb-App.json
+++ b/aws-observability/json/DynamoDb-App.json
@@ -449,11 +449,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/dynamodb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/dynamodb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1052,11 +1052,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/dynamodb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/dynamodb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1274,11 +1274,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/dynamodb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/dynamodb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1307,7 +1307,7 @@
         {
             "type": "DashboardV2SyncDefinition",
             "name": "3. AWS DynamoDB - Events",
-            "description": "See the details on events in your DynamoDB including the location, users, errors, updates, creations, and deletions to tables.",
+            "description": "See the details on cloudtrail audit events in your DynamoDB including the location, users, errors, updates, creations, and deletions to tables.",
             "title": "3. AWS DynamoDB - Events",
             "theme": "Light",
             "topologyLabelMap": {
@@ -1379,7 +1379,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count by EventName\n| sort by _count, EventName asc\n| limit 5",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| count by EventName\n| sort by _count, EventName asc\n| limit 5",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1399,13 +1399,13 @@
                     "id": null,
                     "key": "panelpane-da8bb2b4afbc5948",
                     "title": "Events Over Time",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\" as EventName, Region, tablename, SourceIp, UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| timeslice 5m\n| count by EventName, _timeslice\n| transpose row _timeslice column EventName \n| fillmissing timeslice (5m)",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\" as EventName, Region, tablename, SourceIp, UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| timeslice 5m\n| count by EventName, _timeslice\n| transpose row _timeslice column EventName \n| fillmissing timeslice (5m)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1431,7 +1431,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\") and !isEmpty(ErrorCode)\n| count",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where !isBlank(errorCode)\n| count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1451,13 +1451,13 @@
                     "id": null,
                     "key": "panelpane-b8faa804b5a87b46",
                     "title": "Top 10 IAM Users",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count as count by UserName\n| sort count \n| limit 10",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| count as count by UserName\n| sort count \n| limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1483,7 +1483,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\") and !isEmpty(ErrorCode)\n| count as Count by ErrorCode, ErrorMessage, EventName, UserName, SourceIp\n| sort by Count\n| limit 20",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where !isBlank(errorCode)\n| count as Count by ErrorCode, ErrorMessage, EventName, UserName, SourceIp\n| sort by Count, ErrorCode, ErrorMessage\n| limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1509,7 +1509,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"requestParameters.keySchema\", \"requestParameters.attributeDefinitions\", \"userAgent\", \"responseElements.tableDescription.provisionedThroughput\", \"userIdentity.sessionContext.attributes.mfaAuthenticated\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, TableSchema, AttributeDefinition, UserAgent, ProvisionedThroughput, MFAAuthenticated nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS\") as MessageDate\n| count as Count by MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated\n| sort by MessageDate\n| fields MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"requestParameters.keySchema\", \"requestParameters.attributeDefinitions\", \"userAgent\", \"responseElements.tableDescription.provisionedThroughput\", \"userIdentity.sessionContext.attributes.mfaAuthenticated\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, TableSchema, AttributeDefinition, UserAgent, ProvisionedThroughput, MFAAuthenticated nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS\") as MessageDate\n| count as Count by MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated\n| sort by MessageDate\n| fields MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1535,7 +1535,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count by SourceIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = SourceIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| count by SourceIp\n| lookup latitude, longitude from geo://location on ip = SourceIp\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1586,11 +1586,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/dynamodb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/dynamodb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1838,11 +1838,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/dynamodb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/dynamodb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,

From 01bc9bf56e39c0d10d745a1d2df6cf2fe6803b61 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Mon, 9 May 2022 16:22:01 +0530
Subject: [PATCH 10/82] Updated AWSO APIGateway dashboards - optimizations.

---
 aws-observability/json/Api-Gateway-App.json | 248 +++++++++++++++-----
 1 file changed, 190 insertions(+), 58 deletions(-)

diff --git a/aws-observability/json/Api-Gateway-App.json b/aws-observability/json/Api-Gateway-App.json
index 46288e83..3478a2f4 100644
--- a/aws-observability/json/Api-Gateway-App.json
+++ b/aws-observability/json/Api-Gateway-App.json
@@ -8,7 +8,6 @@
             "name": "1. AWS API Gateway - Latency, Cache",
             "description": "AWS API Gateway - Latency, Cache dashboard provides insights into API Gateway performance including API requests, latency, API cache hits, and back-end cache misses.",
             "title": "1. AWS API Gateway - Latency, Cache",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -99,32 +98,38 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -161,12 +166,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -185,12 +192,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -209,12 +218,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CacheHitCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100 ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -233,12 +244,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CacheMissCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -271,8 +284,8 @@
                 {
                     "id": null,
                     "name": "account",
-                    "displayName": null,
-                    "defaultValue": null,
+                    "displayName": "account",
+                    "defaultValue": "",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
                         "filter": "",
@@ -280,7 +293,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -294,21 +308,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/apigateway",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/apigateway",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -322,7 +338,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -332,7 +349,6 @@
             "name": "1. AWS API Gateway - Overview",
             "description": "AWS API Gateway - Overview dashboard provides insights into API Gateway performance throughout your infrastructure, including API calls, latency, client and server-side errors, API cache hits, and back-end cache misses.",
             "title": "1. AWS API Gateway - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -477,12 +493,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -501,12 +519,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=5XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -525,12 +545,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -549,12 +571,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CacheHitCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -573,12 +597,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CacheMissCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -597,12 +623,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=4XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -657,12 +685,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -681,12 +711,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | count",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -705,12 +737,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname | eval round(_value)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -729,12 +763,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -753,12 +789,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -777,32 +815,38 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by account, region, namespace | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by account, region, namespace | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -826,7 +870,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -840,21 +885,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/apigateway",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/apigateway",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -868,7 +915,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -878,7 +926,6 @@
             "name": "2. AWS API Gateway - 4XX and 5XX Errors",
             "description": "AWS API Gateway - 4xx and 5xx Errors dashboard provides insights into API Gateway HTTP 4xx and 5xx code errors throughout your infrastructure, including API requests, client-side errors, and server-side errors.",
             "title": "2. AWS API Gateway - 4XX and 5XX Errors",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -944,12 +991,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=4XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -968,12 +1017,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=5XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -992,32 +1043,38 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1068,7 +1125,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1082,21 +1140,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/apigateway",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/apigateway",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1110,7 +1170,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1120,7 +1181,6 @@
             "name": "2. AWS API Gateway - Audit Events",
             "description": "AWS API Gateway - Audit Events dashboard provides detailed audit insights into API Gateway events by various dimensions including event names, trends, regions, user agents, and recipient account IDs.",
             "title": "2. AWS API Gateway - Audit Events",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1211,12 +1271,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" eventName account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count as eventCount by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" eventName account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count as eventCount by _timeslice, event_name\n| transpose row _timeslice column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1235,12 +1297,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" userAgent account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user_agent\n| sort by eventCount, user_agent asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" userAgent account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user_agent\n| sort by eventCount, user_agent asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1259,12 +1323,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")  and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")  and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1283,12 +1349,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1302,17 +1370,19 @@
                     "id": null,
                     "key": "panelPANE-D3C4BB28A83C9947",
                     "title": "Event Status",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"pie\"}},{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"pie\"}},{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"pie\"}}],\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"pie\"}},{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"pie\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventStatus\n| sort by eventCount, eventStatus asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventStatus\n| sort by eventCount, eventStatus asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1331,12 +1401,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count by _timeslice, eventStatus\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count by _timeslice, eventStatus\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1355,12 +1427,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by errorCode \n| top 10 errorCode by eventCount, errorCode asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by errorCode \n| top 10 errorCode by eventCount, errorCode asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1379,12 +1453,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1403,12 +1479,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop \n| json field=responseElements \"name\", \"Message\" as ApiName, responseMessage nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorMessage), responseMessage, errorMessage) as errorMessage\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, errorCode, errorMessage, Region, src_ip, accountId, user, type, requestID, user_agent\n| sort by _timeslice\n| limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop \n| json field=responseElements \"name\", \"Message\" as ApiName, responseMessage nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorMessage), responseMessage, errorMessage) as errorMessage\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, errorCode, errorMessage, Region, src_ip, accountId, user, type, requestID, user_agent, apiname\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1427,12 +1505,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1451,12 +1531,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, Region, src_ip, accountId, user, type, requestID, user_agent, ApiName\n| sort by _timeslice\n| limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, Region, src_ip, accountId, user, type, requestID, user_agent, ApiName\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1475,12 +1557,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by type, user\n| topk(10, eventCount) by type | fields -_rank",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by type, user\n| topk(10, eventCount) by type | fields -_rank",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1499,12 +1583,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip, event_name // , user, user_agent, apiname\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, apiname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1528,7 +1614,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1542,21 +1629,38 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/apigateway",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/apigateway",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": "apiname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/apigateway",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1566,7 +1670,6 @@
             "name": "3. AWS API Gateway - Enhanced Monitoring",
             "description": "AWS API Gateway - Enhanced Monitoring dashboard provides detailed insights into API Gateway performance throughout your infrastructure, including the number and types of API calls, API resources, cache hits and misses, latency averages, and errors by HTTP method.",
             "title": "3. AWS API Gateway - Enhanced Monitoring",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1652,12 +1755,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by method",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1676,12 +1781,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=4XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by method",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1700,12 +1807,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=5XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}}  method={{method}} resource={{resource}} | sum by method",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1724,12 +1833,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1748,12 +1859,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by apiname, namespace, region, account, method | count",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1772,12 +1885,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by apiname, namespace, region, account, resource | count",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1796,12 +1911,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by apiname, method, resource | eval round(_value)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1815,28 +1932,32 @@
                     "id": null,
                     "key": "panelpane-6052fefb99524948",
                     "title": "Cache Hits and Misses",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Rate\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Cache Hits, apiname={{apiname}} \"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Cache Miss, apiname={{apiname}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Rate\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Cache Hits, {{apiname}} \"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Cache Miss, {{apiname}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CacheHitCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account | eval _value * 100",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CacheMissCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account | eval _value * 100",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
                             "timeSource": "Message"
                         }
                     ],
@@ -1854,12 +1975,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1878,12 +2001,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1897,10 +2022,10 @@
                     "id": null,
                     "key": "panelpane-4f8a91c58c9d3b4e",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"alignment\":\"left\",\"fontSize\":16,\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"alignment\":\"left\",\"fontSize\":16,\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This dashboard works on detailed CloudWatch metrics which needs to be explicitly enabled. You can do this in the console by selecting \"Enable CloudWatch Metrics\" under a stage Settings tab. Alternatively, you can call the update-stage AWS CLI command to update the metricsEnabled property to true."
+                    "text": "This dashboard works on detailed CloudWatch metrics which needs to be explicitly enabled. You can do this in the AWS console by selecting \"Enable CloudWatch Metrics\" under a stage Settings tab. Alternatively, you can call the update-stage AWS CLI command to update the metricsEnabled property to true."
                 }
             ],
             "variables": [
@@ -1916,7 +2041,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1930,21 +2056,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/apigateway",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/apigateway",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1958,7 +2086,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1972,7 +2101,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1986,7 +2116,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2000,7 +2131,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []

From eb60a311f67c50d4426aa8acf78e90c88bf0ced9 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Mon, 16 May 2022 20:17:06 +0530
Subject: [PATCH 11/82] adding app module example and test framework

---
 .../examples/appmodule/LICENSE                |   13 +
 .../examples/appmodule/README.md              |   60 +
 .../examples/appmodule/field.tf               |   97 +
 .../examples/appmodule/fields.sh              |  101 +
 .../examples/appmodule/main.auto.tfvars       |    9 +
 .../examples/appmodule/main.tf                |   20 +
 .../examples/appmodule/output.tf              |  222 +
 .../examples/appmodule/providers.tf           |   21 +
 .../examples/appmodule/variables.tf           |  137 +
 .../examples/appmodule/versions.tf            |   22 +
 .../aws-observability/json/Alb-App.json       | 3037 +++++++++++
 .../aws-observability/json/Alerts-App.json    | 1701 ++++++
 .../json/Api-Gateway-App.json                 | 2009 +++++++
 .../json/Classic-lb-App.json                  | 3039 +++++++++++
 .../aws-observability/json/DynamoDb-App.json  | 1765 ++++++
 .../json/EC2-Metrics-App.json                 | 3241 ++++++++++++
 .../aws-observability/json/Ecs-App.json       | 1555 ++++++
 .../json/ElastiCache-App.json                 | 4710 +++++++++++++++++
 .../aws-observability/json/Lambda-App.json    | 3195 +++++++++++
 .../aws-observability/json/Nlb-App.json       | 2052 +++++++
 .../aws-observability/json/Overview-App.json  | 1957 +++++++
 .../aws-observability/json/Rce-App.json       | 2185 ++++++++
 .../aws-observability/json/Rds-App.json       | 4673 ++++++++++++++++
 .../aws-observability/json/Test-Alerts.json   |   77 +
 aws-observability-terraform/go.mod            |   86 +
 aws-observability-terraform/go.sum            |  758 +++
 aws-observability-terraform/test/README.md    |   72 +
 aws-observability-terraform/test/him_test.go  |  146 +
 aws-observability-terraform/test/terraform.go |   45 +
 .../test/unit_tests.sh                        |   38 +
 aws-observability-terraform/test/utils.go     |   47 +
 .../test/validateSumo.go                      |  223 +
 32 files changed, 37313 insertions(+)
 create mode 100644 aws-observability-terraform/examples/appmodule/LICENSE
 create mode 100644 aws-observability-terraform/examples/appmodule/README.md
 create mode 100644 aws-observability-terraform/examples/appmodule/field.tf
 create mode 100644 aws-observability-terraform/examples/appmodule/fields.sh
 create mode 100644 aws-observability-terraform/examples/appmodule/main.auto.tfvars
 create mode 100644 aws-observability-terraform/examples/appmodule/main.tf
 create mode 100644 aws-observability-terraform/examples/appmodule/output.tf
 create mode 100644 aws-observability-terraform/examples/appmodule/providers.tf
 create mode 100644 aws-observability-terraform/examples/appmodule/variables.tf
 create mode 100644 aws-observability-terraform/examples/appmodule/versions.tf
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Alb-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Alerts-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Api-Gateway-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Classic-lb-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/DynamoDb-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/EC2-Metrics-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Ecs-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/ElastiCache-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Lambda-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Nlb-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Overview-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Rce-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Rds-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Test-Alerts.json
 create mode 100644 aws-observability-terraform/go.mod
 create mode 100644 aws-observability-terraform/go.sum
 create mode 100644 aws-observability-terraform/test/README.md
 create mode 100644 aws-observability-terraform/test/him_test.go
 create mode 100644 aws-observability-terraform/test/terraform.go
 create mode 100644 aws-observability-terraform/test/unit_tests.sh
 create mode 100644 aws-observability-terraform/test/utils.go
 create mode 100644 aws-observability-terraform/test/validateSumo.go

diff --git a/aws-observability-terraform/examples/appmodule/LICENSE b/aws-observability-terraform/examples/appmodule/LICENSE
new file mode 100644
index 00000000..f9b9ffe9
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2020. Sumo Logic Inc., All Rights Reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/README.md b/aws-observability-terraform/examples/appmodule/README.md
new file mode 100644
index 00000000..647b7397
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/README.md
@@ -0,0 +1,60 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.13.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
+| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [sumologic_field.account](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.accountid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.loadbalancername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.namespace](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
+| <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_folder_installation_location"></a> [sumologic\_folder\_installation\_location](#input\_sumologic\_folder\_installation\_location) | Indicates where to install the app folder. Enter "Personal Folder" for installing in "Personal" folder and "Admin Recommended Folder" for installing in "Admin Recommended" folder. | `string` | `"Personal Folder"` | no |
+| <a name="input_sumologic_folder_share_with_org"></a> [sumologic\_folder\_share\_with\_org](#input\_sumologic\_folder\_share\_with\_org) | Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable. | `bool` | `true` | no |
+| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
+| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/field.tf b/aws-observability-terraform/examples/appmodule/field.tf
new file mode 100644
index 00000000..1b7dc985
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/field.tf
@@ -0,0 +1,97 @@
+# common fields
+resource "sumologic_field" "account" {
+    data_type  = "String"
+    field_name = "account"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "region" {
+    data_type  = "String"
+    field_name = "region"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "accountid" {
+    data_type  = "String"
+    field_name = "accountid"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "namespace" {
+    data_type  = "String"
+    field_name = "namespace"
+    state      = "Enabled"
+}
+
+# Used in ALB
+resource "sumologic_field" "loadbalancer" {
+    data_type  = "String"
+    field_name = "loadbalancer"
+    state      = "Enabled"
+}
+
+# Used in Classic LB
+resource "sumologic_field" "loadbalancername" {
+    data_type  = "String"
+    field_name = "loadbalancername"
+    state      = "Enabled"
+}
+
+# Used in API gateway
+resource "sumologic_field" "apiname" {
+    data_type  = "String"
+    field_name = "apiname"
+    state      = "Enabled"
+}
+
+# Used in DynamoDB
+resource "sumologic_field" "tablename" {
+    data_type  = "String"
+    field_name = "tablename"
+    state      = "Enabled"
+}
+
+# Used in EC2
+resource "sumologic_field" "instanceid" {
+    data_type  = "String"
+    field_name = "instanceid"
+    state      = "Enabled"
+}
+
+# Used in ECS
+resource "sumologic_field" "clustername" {
+    data_type  = "String"
+    field_name = "clustername"
+    state      = "Enabled"
+}
+
+# Used in Elasticache
+resource "sumologic_field" "cacheclusterid" {
+    data_type  = "String"
+    field_name = "cacheclusterid"
+    state      = "Enabled"
+}
+
+# Used in Lambda
+resource "sumologic_field" "functionname" {
+    data_type  = "String"
+    field_name = "functionname"
+    state      = "Enabled"
+}
+
+# Used in NLB
+resource "sumologic_field" "networkloadbalancer" {
+    data_type  = "String"
+    field_name = "networkloadbalancer"
+    state      = "Enabled"
+}
+
+# Used in RDS
+resource "sumologic_field" "dbidentifier" {
+    data_type  = "String"
+    field_name = "dbidentifier"
+    state      = "Enabled"
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/fields.sh b/aws-observability-terraform/examples/appmodule/fields.sh
new file mode 100644
index 00000000..5d4d83eb
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/fields.sh
@@ -0,0 +1,101 @@
+#! /bin/bash
+
+# ----------------------------------------------------------------------------------------------------------------------------------------------------------
+# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+# Before using this script, set following environment variables using below commands:
+# export SUMOLOGIC_ENV=""
+# export SUMOLOGIC_ACCESSID=""
+# export SUMOLOGIC_ACCESSKEY=""
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+# Validate Sumo Logic environment/deployment.
+if ! [[ "$SUMOLOGIC_ENV" =~ ^(au|ca|de|eu|jp|us2|in|fed|us1)$ ]]; then
+    echo "$SUMOLOGIC_ENV is invalid Sumo Logic deployment. For SUMOLOGIC_ENV, provide one from list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+    exit 1
+fi
+
+# Get Sumo Logic api endpoint based on SUMOLOGIC_ENV
+if [ "${SUMOLOGIC_ENV}" == "us1" ];then
+    SUMOLOGIC_BASE_URL="https://api.sumologic.com/api/"
+else
+    SUMOLOGIC_BASE_URL="https://api.${SUMOLOGIC_ENV}.sumologic.com/api/"
+fi
+
+# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
+declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+
+function get_remaining_fields() {
+    local RESPONSE
+    readonly RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/fields/quota)"
+
+    echo "${RESPONSE}"
+}
+
+# Check if we'd have at least 13 fields remaining after additional fields
+# would be created for the collection
+function should_create_fields() {
+    local RESPONSE
+    readonly RESPONSE=$(get_remaining_fields)
+
+    if ! jq -e <<< "${RESPONSE}" ; then
+        printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
+        # Credential Issue
+        return 2
+    fi
+    
+    if ! jq -e '.remaining' <<< "${RESPONSE}" ; then
+        printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
+        # Permissions/credential issuses
+        return 3
+    fi
+
+    local REMAINING
+    readonly REMAINING=$(jq -e '.remaining' <<< "${RESPONSE}")
+  
+    if [ $REMAINING -ge ${#awso_list[*]} ] ; then
+        # Function returning with success
+        return 0
+    else
+        # Capacity not enough to create new fields
+        return 1
+    fi
+}
+
+should_create_fields
+outputVal=$?
+# Sumo Logic fields in field schema - Decide to import
+if [ $outputVal == 0 ] ; then
+    # Get list of all fields present in field schema of user's Sumo Logic org.
+    readonly FIELDS_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/fields | jq '.data[]' )"
+
+    for FIELD in "${awso_list[@]}" ; do
+        FIELD_ID=$( echo "${FIELDS_RESPONSE}" | jq -r "select(.fieldName == \"${FIELD}\") | .fieldId" )
+        if [[ -z "${FIELD_ID}" ]]; then
+            # If field is not present in Sumo org, skip importing
+            continue
+        fi
+        # Field exist in Sumo org, hence import
+        terraform import \
+            sumologic_field."${FIELD}" "${FIELD_ID}"
+    done
+elif [ $outputVal == 1 ] ; then
+    echo "Couldn't automatically create fields"
+    echo "You do not have enough field capacity to create the required fields automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+elif [ $outputVal == 2 ] ; then
+    echo "Error in calling Sumo Logic Fields API."
+    echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
+elif [ $outputVal == 3 ] ; then
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+else
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+fi
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/main.auto.tfvars b/aws-observability-terraform/examples/appmodule/main.auto.tfvars
new file mode 100644
index 00000000..71210f35
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/main.auto.tfvars
@@ -0,0 +1,9 @@
+####### BELOW ARE REQUIRED PARAMETERS FOR TERRAFORM SCRIPT #######
+# Visit - https://help.sumologic.com/Solutions/AWS_Observability_Solution/03_Set_Up_the_AWS_Observability_Solution#sumo-logic-access-configuration-required
+sumologic_environment       = ""      # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, jp, us2, in, fed or us1.
+sumologic_access_id         = ""
+sumologic_access_key        = ""
+sumologic_organization_id   = ""      # Please replace <YOUR SUMO ORG ID> (including brackets) with your Sumo Logic Organization ID.
+aws_account_alias           = ""      # Please replace <YOUR AWS ACCOUNT ALIAS> with an AWS account alias for identification in Sumo Logic Explorer View, metrics and logs.
+# Example: https://api.sumologic.com/api/ Please update with your sumologic api endpoint. Refer, https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security
+sumo_api_endpoint           = ""        #"<YOUR SUMOLOGIC API ENDPOINT>"
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/main.tf b/aws-observability-terraform/examples/appmodule/main.tf
new file mode 100644
index 00000000..1df0231d
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/main.tf
@@ -0,0 +1,20 @@
+#
+# The below module is used to install apps, metric rules, Field extraction rules, Fields and Monitors.
+# NOTE - The "app-modules" should be installed per Sumo Logic organization.
+#
+module "sumo-module" {
+  source                   = "../../app-modules"
+  access_id                = var.sumologic_access_id
+  access_key               = var.sumologic_access_key
+  environment              = var.sumologic_environment
+  json_file_directory_path = dirname(path.cwd)
+  folder_installation_location = var.sumologic_folder_installation_location
+  folder_share_with_org    = var.sumologic_folder_share_with_org
+  sumologic_organization_id = var.sumologic_organization_id
+  apps_folder_name = var.apps_folder
+  monitors_folder_name = var.monitors_folder
+  alb_monitors_disabled = var.alb_monitors
+  ec2metrics_monitors_disabled = var.ec2metrics_monitors
+  ecs_monitors_disabled = var.ecs_monitors
+  elasticache_monitors_disabled = var.elasticache_monitors
+}
diff --git a/aws-observability-terraform/examples/appmodule/output.tf b/aws-observability-terraform/examples/appmodule/output.tf
new file mode 100644
index 00000000..9eb28373
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/output.tf
@@ -0,0 +1,222 @@
+output "apps_folder_id" {
+  value       = module.sumo-module.sumologic_apps_folder.id
+  description = "This output contains sumologic apps folder."
+}
+
+output "alb_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_alb.ALBApp.id
+  description = "This output contains sumologic ALB apps folder."
+}
+
+output "apigateway_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_apigateway.APIGatewayApp.id
+  description = "This output contains sumologic API Gateway apps folder."
+}
+
+output "dynamodb_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_dynamodb.DynamoDBApp.id
+  description = "This output contains sumologic DynamoDB apps folder."
+}
+
+output "ec2metrics_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_ec2metrics.EC2MetricsApp.id
+  description = "This output contains sumologic EC2 metrics apps folder."
+}
+
+output "ecs_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_ecs.ecsApp.id
+  description = "This output contains sumologic ECS apps folder."
+}
+
+output "elasticache_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_elasticache.ElastiCacheApp.id
+  description = "This output contains sumologic ElastiCacheApp apps folder."
+}
+
+output "clb_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_elb.ClassicLBApp.id
+  description = "This output contains sumologic CLB apps folder."
+}
+
+output "lambda_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_lambda.LambdaApp.id
+  description = "This output contains sumologic Lambda apps folder."
+}
+
+output "nlb_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_nlb.NlbApp.id
+  description = "This output contains sumologic NLB apps folder."
+}
+
+output "overview_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_overview.OverviewApp.id
+  description = "This output contains sumologic Overview apps folder."
+}
+
+output "rds_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_rds.RdsApp.id
+  description = "This output contains sumologic RDS apps folder."
+}
+
+output "rce_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_rce.RceApp.id
+  description = "This output contains sumologic Rce apps folder."
+}
+
+output "monitors_folder_id" {
+  value       = module.sumo-module.sumologic_monitors_folder.id
+  description = "This output contains sumologic monitors folder."
+}
+
+output "hierarchy_id" {
+  value       = module.sumo-module.sumologic_hierarchy.id
+  description = "This output contains sumologic hierarchy id."
+}
+
+# API gateway FER id
+output "sumologic_field_extraction_rule_apigateway" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_apigateway.CloudTrailFieldExtractionRule.id
+  description = "This output contains sumologic API gateway field extraction rule id."
+}
+
+# ALB FER id
+output "sumologic_field_extraction_rule_alb" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_alb.AlbAccessLogsFieldExtractionRule.id
+  description = "This output contains sumologic ALB field extraction rule id."
+}
+
+# CLB FER id
+output "sumologic_field_extraction_rule_elb" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_elb.ElbAccessLogsFieldExtractionRule.id
+  description = "This output contains sumologic CLB field extraction rule id."
+}
+
+# DynamoDB FER id
+output "sumologic_field_extraction_rule_dynamodb" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_dynamodb.CloudTrailFieldExtractionRule.id
+  description = "This output contains sumologic dynamoDB field extraction rule id."
+}
+
+# Elasticache FER id
+output "sumologic_field_extraction_rule_elasticache" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_elasticache.CloudTrailFieldExtractionRule.id
+  description = "This output contains sumologic Elasticache field extraction rule id."
+}
+
+# ECS FER id
+output "sumologic_field_extraction_rule_ecs" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_ecs.CloudTrailFieldExtractionRule.id
+  description = "This output contains sumologic ECS field extraction rule id."
+}
+
+# EC2 FER id
+# output "sumologic_field_extraction_rule_ec2metrics" {
+#   value       = module.sumo-module.sumologic_field_extraction_rule_ec2metrics.CloudTrailFieldExtractionRule.id
+#   description = "This output contains sumologic EC2 field extraction rule id."
+# }
+
+# Lambda CloudTrail FER id
+output "sumologic_field_extraction_rule_lambda" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_lambda.CloudTrailFieldExtractionRule.id
+  description = "This output contains sumologic Lambda cloudtrail field extraction rule id."
+}
+
+# Lambda CloudWatch FER id
+output "sumologic_field_extraction_rule_lambda_cw" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_lambda.CloudWatchFieldExtractionRule.id
+  description = "This output contains sumologic Lambda cloudwatch field extraction rule id."
+}
+
+# RDS FER id
+output "sumologic_field_extraction_rule_rds" {
+  value       = module.sumo-module.sumologic_field_extraction_rule_rds.CloudTrailFieldExtractionRule.id
+  description = "This output contains sumologic RDS field extraction rule id."
+}
+
+# NLB Metric rule
+output "sumologic_metric_rule_nlb" {
+  value       = module.sumo-module.sumologic_metric_rules_nlb.NLBMetricRule.triggers.name
+  description = "This output contains sumologic NLB metric rule name."
+}
+
+# RDS Cluster Metric rule
+output "sumologic_metric_rule_rds_cluster" {
+  value       = module.sumo-module.sumologic_metric_rules_rds.ClusterMetricRule.triggers.name
+  description = "This output contains sumologic RDS cluster metric rule name."
+}
+
+# RDS Instance Metric rule
+output "sumologic_metric_rule_rds_instance" {
+  value       = module.sumo-module.sumologic_metric_rules_rds.InstanceMetricRule.triggers.name
+  description = "This output contains sumologic RDS instance metric rule name."
+}
+
+output "sumologic_field_account" {
+  value       = sumologic_field.account.id
+  description = "This output contains sumologic Account field id."
+}
+
+output "sumologic_field_region" {
+  value       = sumologic_field.region.id
+  description = "This output contains sumologic Region field id."
+}
+
+output "sumologic_field_accountid" {
+  value       = sumologic_field.accountid.id
+  description = "This output contains sumologic accountid field id."
+}
+
+output "sumologic_field_namespace" {
+  value       = sumologic_field.namespace.id
+  description = "This output contains sumologic namespace field id."
+}
+
+output "sumologic_field_loadbalancer" {
+  value       = sumologic_field.loadbalancer.id
+  description = "This output contains sumologic loadbalancer field id."
+}
+
+output "sumologic_field_loadbalancername" {
+  value       = sumologic_field.loadbalancername.id
+  description = "This output contains sumologic loadbalancername field id."
+}
+
+output "sumologic_field_apiname" {
+  value       = sumologic_field.apiname.id
+  description = "This output contains sumologic apiname field id."
+}
+
+output "sumologic_field_tablename" {
+  value       = sumologic_field.tablename.id
+  description = "This output contains sumologic tablename field id."
+}
+
+output "sumologic_field_instanceid" {
+  value       = sumologic_field.instanceid.id
+  description = "This output contains sumologic instanceid field id."
+}
+
+output "sumologic_field_clustername" {
+  value       = sumologic_field.clustername.id
+  description = "This output contains sumologic clustername field id."
+}
+
+output "sumologic_field_cacheclusterid" {
+  value       = sumologic_field.cacheclusterid.id
+  description = "This output contains sumologic cacheclusterid field id."
+}
+
+output "sumologic_field_functionname" {
+  value       = sumologic_field.functionname.id
+  description = "This output contains sumologic functionname field id."
+}
+
+output "sumologic_field_networkloadbalancer" {
+  value       = sumologic_field.networkloadbalancer.id
+  description = "This output contains sumologic networkloadbalancer field id."
+}
+
+output "sumologic_field_dbidentifier" {
+  value       = sumologic_field.dbidentifier.id
+  description = "This output contains sumologic dbidentifier field id."
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/providers.tf b/aws-observability-terraform/examples/appmodule/providers.tf
new file mode 100644
index 00000000..413e6d80
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/providers.tf
@@ -0,0 +1,21 @@
+provider "sumologic" {
+  environment = var.sumologic_environment
+  access_id   = var.sumologic_access_id
+  access_key  = var.sumologic_access_key
+  admin_mode  = var.sumologic_folder_installation_location == "Personal Folder" ? false : true
+}
+
+provider "aws" {
+  region = "us-east-1"
+  #
+  # Below properties should be added when you would like to onboard more than one region and account
+  # More Information regarding AWS Profile can be found at -
+  #
+  # Access configuration
+  #
+  # profile = <Provide a profile as setup in AWS CLI>
+  #
+  # Terraform alias
+  #
+  # alias = <Provide a terraform alias for the aws provider. For eg :- production-us-east-1>
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/variables.tf b/aws-observability-terraform/examples/appmodule/variables.tf
new file mode 100644
index 00000000..0bc0872c
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/variables.tf
@@ -0,0 +1,137 @@
+variable "sumologic_environment" {
+  type        = string
+  description = "Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+
+  validation {
+    condition = contains([
+      "au",
+      "ca",
+      "de",
+      "eu",
+      "jp",
+      "us1",
+      "us2",
+      "in",
+    "fed"], var.sumologic_environment)
+    error_message = "The value must be one of au, ca, de, eu, jp, us1, us2, in, or fed."
+  }
+}
+
+variable "sumologic_access_id" {
+  type        = string
+  description = "Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_access_id))
+    error_message = "The SumoLogic access ID must contain valid characters."
+  }
+}
+
+variable "sumologic_access_key" {
+  type        = string
+  description = "Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+  #sensitive = true
+
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_access_key))
+    error_message = "The SumoLogic access key must contain valid characters."
+  }
+  
+}
+
+variable "sumologic_organization_id" {
+  type        = string
+  description = <<EOT
+            You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."
+            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page
+        EOT
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_organization_id))
+    error_message = "The organization ID must contain valid characters."
+  }
+}
+
+variable "aws_account_alias" {
+  type        = string
+  description = <<EOT
+            Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.
+            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.
+            Do not include special characters in the alias.
+        EOT
+  validation {
+    condition     = can(regex("[a-z0-9]*", var.aws_account_alias))
+    error_message = "Alias must only contain lowercase letters, number and length less than or equal to 30 characters."
+  }
+}
+
+variable "sumologic_folder_installation_location" {
+  type        = string
+  description = "Indicates where to install the app folder. Enter \"Personal Folder\" for installing in \"Personal\" folder and \"Admin Recommended Folder\" for installing in \"Admin Recommended\" folder."
+  validation {
+    condition = contains([
+      "Personal Folder",
+      "Admin Recommended Folder"], var.sumologic_folder_installation_location)
+    error_message = "The value must be one of \"Personal Folder\" or \"Admin Recommended Folder\"."
+  }
+  default     = "Personal Folder"
+
+}
+
+variable "sumologic_folder_share_with_org" {
+  type        = bool
+  description = "Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable."
+  default     = true
+
+}
+
+variable "sumo_api_endpoint" {
+  type = string
+  validation {
+    condition = contains([
+      "https://api.au.sumologic.com/api/",
+    "https://api.ca.sumologic.com/api/", "https://api.de.sumologic.com/api/", "https://api.eu.sumologic.com/api/", "https://api.fed.sumologic.com/api/", "https://api.in.sumologic.com/api/", "https://api.jp.sumologic.com/api/", "https://api.sumologic.com/api/", "https://api.us2.sumologic.com/api/"], var.sumo_api_endpoint)
+    error_message = "Argument \"sumo_api_endpoint\" must be one of the values specified at https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security."
+  }
+}
+
+variable "apps_folder" {
+  type        = string
+  description = <<EOT
+            Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
+            Default value will be: AWS Observability Apps
+        EOT
+  default     = "AWS Observability Apps"
+}
+
+variable "monitors_folder" {
+  type        = string
+  description = <<EOT
+            Provide a folder name where all the monitors will be installed under Monitor Folder.
+            Default value will be: AWS Observability Monitors
+        EOT
+  default     = "AWS Observability Monitors"
+}
+
+variable "alb_monitors" {
+  type        = bool
+  description = "Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "ec2metrics_monitors" {
+  type        = bool
+  description = "Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "ecs_monitors" {
+  type        = bool
+  description = "Indicates if ECS Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "elasticache_monitors" {
+  type        = bool
+  description = "Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/versions.tf b/aws-observability-terraform/examples/appmodule/versions.tf
new file mode 100644
index 00000000..75909178
--- /dev/null
+++ b/aws-observability-terraform/examples/appmodule/versions.tf
@@ -0,0 +1,22 @@
+terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.42.0, < 4.0.0"
+    }
+    sumologic = {
+      version = "= 2.13.0"
+      source  = "SumoLogic/sumologic"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.7.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.1.0"
+    }
+  }
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Alb-App.json b/aws-observability-terraform/examples/aws-observability/json/Alb-App.json
new file mode 100644
index 00000000..df9d0f55
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Alb-App.json
@@ -0,0 +1,3037 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS Application Load Balancer",
+    "description": "The Sumo Logic App for AWS Application Load Balancer is a unified logs and metrics (ULM) App that gives you visibility into the health of your Application Load Balancer and target groups. Use the preconfigured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone and target group.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Application Load Balancer - Overview",
+            "description": "See the overview of Application load balancer including the requests, healthy and unhealthy host count, target response time, active connections, and client TLS error.",
+            "title": "1. AWS Application Load Balancer - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-1b6c3f98bd2fa94a",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-b28e428595aa7841",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-3c5686918c144a48",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-01a4cebc9d796a44",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-5d596c23a60d9b43",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-5711200884094842",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-f8e1e750b651c843",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-3919c994a29d9b4a",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":36}"
+                    },
+                    {
+                        "key": "panelpane-ed2772e08225f840",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelpane-97c80ce1b96ed948",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-84EA9744A2C6BB47",
+                        "structure": "{\"height\":12,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-AEBA84C2BE464B40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-BFCE029B9E625B46",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-C44F0671A5AFEA41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":6}"
+                    },
+                    {
+                        "key": "panel4A7F28558036BA4D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-5AE57A6E80107B44",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-1b6c3f98bd2fa94a",
+                    "title": "Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"valueFontSize\":24,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":16,\"label\":\"Hosts\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HealthyHostCount Statistic=Average | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b28e428595aa7841",
+                    "title": "Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"label\":\"Hosts\",\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=UnHealthyHostCount Statistic=Average | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3c5686918c144a48",
+                    "title": "Target Connection Errors",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#527b01\"},{\"from\":10,\"to\":20,\"color\":\"#b18209\"},{\"from\":20,\"to\":null,\"color\":\"#b63010\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= TargetConnectionErrorCount Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-01a4cebc9d796a44",
+                    "title": "New Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Connections\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= NewConnectionCount Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5d596c23a60d9b43",
+                    "title": "Active Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Connections\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= ActiveConnectionCount Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5711200884094842",
+                    "title": "Rejected Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Connections\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= RejectedConnectionCount Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f8e1e750b651c843",
+                    "title": "Client TLS Errors by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Errors\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ClientTLSNegotiationErrorCount  Statistic=sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3919c994a29d9b4a",
+                    "title": "Overall Healthy vs Unhealthy Host Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Host Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Healthy Host - {{loadbalancer}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"UnHealthy Host - {{loadbalancer}}\"}}],\"color\":{\"family\":\"scheme7\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ed2772e08225f840",
+                    "title": "Requests Served by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=RequestCount Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-97c80ce1b96ed948",
+                    "title": "4XX by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_4XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-84EA9744A2C6BB47",
+                    "title": "Request Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AEBA84C2BE464B40",
+                    "title": "Load Balancer Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetResponseTime Statistic=Average | eval(_value*1000) | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BFCE029B9E625B46",
+                    "title": "5xx Error Codes by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_5XX_Count  Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C44F0671A5AFEA41",
+                    "title": "4xx Error Codes by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#75bf00\"},{\"from\":10,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_4XX_Count  Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4A7F28558036BA4D",
+                    "title": "5XX by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_5XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-5AE57A6E80107B44",
+                    "title": "Threat Intel Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#8ecc1b\"},{\"from\":1,\"to\":5,\"color\":\"#f6c851\"},{\"from\":5,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancer, account, region, namespace\n| sort by ThreatCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Application Load Balancer - Response Analysis",
+            "description": "See the details of the Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.",
+            "title": "1. AWS Application Load Balancer - Response Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-6431EF94BE865945",
+                        "structure": "{\"height\":1,\"width\":8,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-9488B966ABC1E940",
+                        "structure": "{\"height\":1,\"width\":8,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panel80A18A0EB225FB4B",
+                        "structure": "{\"height\":1,\"width\":8,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panel373343E8B68AA846",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-351E28339D1FDB40",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":7}"
+                    },
+                    {
+                        "key": "panelAA81D9348A212B4B",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelFAD82336AEDD0B49",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-CCFCC1BB99CA3843",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelE7BD64DF89B9B94E",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}"
+                    },
+                    {
+                        "key": "panel849F83B5B73CC844",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}"
+                    },
+                    {
+                        "key": "panel848E183B8031884D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}"
+                    },
+                    {
+                        "key": "panel114E4560B4917A43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-4E589BF4AEA7D84B",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-6431EF94BE865945",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"backgroundColor\":\"#f36644\",\"textColor\":\"#222d3b\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Load Balancer 5XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9488B966ABC1E940",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Load Balancer 4XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel80A18A0EB225FB4B",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Load Balancer 3XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel373343E8B68AA846",
+                    "title": "5XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=HTTPCode_ELB_5XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-351E28339D1FDB40",
+                    "title": "Client Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelAA81D9348A212B4B",
+                    "title": "Client Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelFAD82336AEDD0B49",
+                    "title": "Client Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CCFCC1BB99CA3843",
+                    "title": "Events - 5XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE7BD64DF89B9B94E",
+                    "title": "4XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=HTTPCode_ELB_4XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel849F83B5B73CC844",
+                    "title": "3XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=HTTPCode_ELB_3XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel848E183B8031884D",
+                    "title": "Events - 4XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel114E4560B4917A43",
+                    "title": "Events - 3XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4E589BF4AEA7D84B",
+                    "title": "Response Codes Distribution by Domain and URI",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (ElbStatusCode matches \"5*\",1,0) as ELB_5XX\n| if (ElbStatusCode matches \"4*\",1,0) as ELB_4XX\n| if (ElbStatusCode matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancer, Domain, URI\n| limit 20\n| sort by ELB_5XX",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Application Load Balancer - Target Group Response Analysis",
+            "description": "See the details of the Target Group HTTP codes 2XX, 3XX, 4XX, and 5XX by target group, availability zone, and load balancer.",
+            "title": "2. AWS Application Load Balancer - Target Group Response Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-EFB93C23B0ABA948",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel05DD969FA8F84846",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panelE8037BA1BAFE4840",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panel11E5E924B7E46B4D",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panelPANE-31F3A4E7852C484F",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel8D3D1B68A68C1B49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelA52CD401A29F7942",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelDF364B0988414A44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-2A2CE58CB024284B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelDCE3556190369A4B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panel74660D2CA5358B47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}"
+                    },
+                    {
+                        "key": "panelA5A5D6698A94CB4F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}"
+                    },
+                    {
+                        "key": "panel13B1911EADE35944",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-EFB93C23B0ABA948",
+                    "title": "5xx",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f36644\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Target Group 5XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel05DD969FA8F84846",
+                    "title": "2XX",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#75bf00\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Target Group 2XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panelE8037BA1BAFE4840",
+                    "title": "4xx",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Target Group 4XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel11E5E924B7E46B4D",
+                    "title": "3XX",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Target Group 3XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-31F3A4E7852C484F",
+                    "title": "Response Codes Distribution by Domain and URI",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| if (TargetStatusCode matches \"5*\",1,0) as Target_5XX\n| if (TargetStatusCode matches \"4*\",1,0) as Target_4XX\n| if (TargetStatusCode matches \"3*\",1,0) as Target_3XX\n| if (TargetStatusCode matches \"2*\",1,0) as Target_2XX\n| sum(Target_5XX) as Target_5XX, sum(Target_4XX) as Target_4XX, sum(Target_3XX) as Target_3XX, sum(Target_2XX) as Target_2XX by loadbalancer, TargetGroup, Domain, URI\n| limit 20\n| sort by Target_5XX, Target_4XX, Target_3XX, Target_2XX",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8D3D1B68A68C1B49",
+                    "title": "4XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_4XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA52CD401A29F7942",
+                    "title": "2XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_2XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDF364B0988414A44",
+                    "title": "3XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_3XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2A2CE58CB024284B",
+                    "title": "Events - 5XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"5*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDCE3556190369A4B",
+                    "title": "Events - 4XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"4*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel74660D2CA5358B47",
+                    "title": "Events - 3XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"3*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA5A5D6698A94CB4F",
+                    "title": "Events - 2XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"2*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel13B1911EADE35944",
+                    "title": "5XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_5XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS Application Load Balancer - Latency Overview",
+            "description": "See the details of latency in your application load balancer by target group, availability zone, and load balancer.",
+            "title": "3. AWS Application Load Balancer - Latency Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-8fb7ac20b210584f",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-46aba672bb08b846",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-3ebb85e685bf1b4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-c1ca3098892bea40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-c301d958990e694d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-42811CC2ADA89846",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-BAF589A28E007840",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":7}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-8fb7ac20b210584f",
+                    "title": "Target Response Time (seconds)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Seconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetResponseTime Statistic=Average targetgroup=* AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-46aba672bb08b846",
+                    "title": "Max and Average Total Client Latency by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (RequestProcessingTime+TargetProcessingTime+ResponseProcessingTime) as ClientLatency\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by TargetGroup\n| order by MaximumClientLatency",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3ebb85e685bf1b4f",
+                    "title": "Max and Average Target Processing Time by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(TargetProcessingTime) as AverageTargetProcessingTime, max(TargetProcessingTime) as MaximumTargetProcessingTime by TargetGroup\n| order by MaximumTargetProcessingTime\n\n\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c1ca3098892bea40",
+                    "title": "Average Total Client Latency Over Time by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (RequestProcessingTime+TargetProcessingTime+ResponseProcessingTime) as ClientLatency\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by TargetGroup ,_timeslice\n| transpose row _timeslice column TargetGroup\n\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c301d958990e694d",
+                    "title": "Average Target Processing Time Over Time by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(TargetProcessingTime) as AverageTargetProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-42811CC2ADA89846",
+                    "title": "Response",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Target Response Time"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BAF589A28E007840",
+                    "title": "Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Events - Backend Latency"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS Application Load Balancer - Latency Details",
+            "description": "See the details of latency in your application load balancer including the average and maximum request and response processing time, by target group and ELB server.",
+            "title": "4. AWS Application Load Balancer - Latency Details",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-e21d1869af8bbb43",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-50edccbfa1cd8b4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-39d07f8699151b42",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-9ce61eae9fc92848",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-6fda9ea0b259db4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-256726aaafcdba4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-d9489b8ebd5daa4c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-fee25a48afe96841",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-9fa04ab689a4594a",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panelPANE-BCC4A01F93DBD84C",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-e21d1869af8bbb43",
+                    "title": "Defintions",
+                    "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#ffffff\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "#### All Time units are in Seconds\n\n#### **Client Latency** = ( RequestProcessingTime + TargetProcessingTime + ResponseProcessingTime)\n\n#### **RequestProcessingTime** = The total time elapsed from the time the load balancer received the request until the time it sent it to a registered instance.\n\n#### **ResponseProcessingTime** = The total time elapsed from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.\n\n#### **TargetProcessingTime** = The total time elapsed from the time the load balancer sent the request to a registered instance until the instance started to send the response headers."
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-50edccbfa1cd8b4f",
+                    "title": "Events - Client Latency by Domain",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-39d07f8699151b42",
+                    "title": "Events - Client Latency by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, loadbalancer \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancer, TotalProcessTime \n| transpose row _timeslice column loadbalancer\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9ce61eae9fc92848",
+                    "title": "Events - Average Request Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6fda9ea0b259db4f",
+                    "title": "Events - Average Response Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-256726aaafcdba4d",
+                    "title": "Events - Average Request Processing Time by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d9489b8ebd5daa4c",
+                    "title": "Events - Max Request Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| max(RequestProcessingTime) as MaximumRequestProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fee25a48afe96841",
+                    "title": "Events - Max Response Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(ResponseProcessingTime) as MaximumResponseProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9fa04ab689a4594a",
+                    "title": "Events - Top 20 Client Latency by Paths",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by uri\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20\n\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BCC4A01F93DBD84C",
+                    "title": "Events - Average Response Processing Time by Target Group",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. AWS Application Load Balancer - Connections and Host Status",
+            "description": "See the details of request and host status including the average unhealthy host count, and healthy host count by target group, availability zone, and load balancer, and request count, outliers in requests by backend, and requests by target.",
+            "title": "5. AWS Application Load Balancer - Connections and Host Status",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-72162e80bf98794a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-3f69e9d8acb63944",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-b0dcb7ce9acff84d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-0a6b3b1a8e6f2a4d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-256d7e9895990b46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-AC8CEF56B14A3B49",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelA50246B29A29584D",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panel248E85BAAAC3FA49",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panel93A07615B0C15B44",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelF582E76F8F681B46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelDCF2F2A88E731942",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":8}"
+                    },
+                    {
+                        "key": "panel15B701BABC802B4F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-72162e80bf98794a",
+                    "title": "Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=UnHealthyHostCount Statistic=Average AvailabilityZone=* TargetGroup=* | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3f69e9d8acb63944",
+                    "title": "Target Connections Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetConnectionErrorCount Statistic=Sum AvailabilityZone=* TargetGroup=* | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b0dcb7ce9acff84d",
+                    "title": "Active Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ActiveConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0a6b3b1a8e6f2a4d",
+                    "title": "New Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= NewConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-256d7e9895990b46",
+                    "title": "Rejected Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=RejectedConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AC8CEF56B14A3B49",
+                    "title": "Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Connections"
+                },
+                {
+                    "id": null,
+                    "key": "panelA50246B29A29584D",
+                    "title": "Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Connections Errors"
+                },
+                {
+                    "id": null,
+                    "key": "panel248E85BAAAC3FA49",
+                    "title": "Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Unhealthy Hosts"
+                },
+                {
+                    "id": null,
+                    "key": "panel93A07615B0C15B44",
+                    "title": "Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Healthy Hosts"
+                },
+                {
+                    "id": null,
+                    "key": "panelF582E76F8F681B46",
+                    "title": "Client TLS Negotiation Error Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ClientTLSNegotiationErrorCount Statistic=Sum  AvailabilityZone=* | sum by account, region, namespace, loadbalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDCF2F2A88E731942",
+                    "title": "Target TLS Negotiation Error Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetTLSNegotiationErrorCount Statistic=Sum  AvailabilityZone=* TargetGroup=* | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel15B701BABC802B4F",
+                    "title": "Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HealthyHostCount Statistic=Average AvailabilityZone=* TargetGroup=* | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6. AWS Application Load Balancer - Requests and Processed Bytes",
+            "description": "See the details of requests and Processed bytes for your application load balancer.",
+            "title": "6. AWS Application Load Balancer - Requests and Processed Bytes",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-2fb20d99840ff849",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-7836817bb708584c",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-9b153d55a89e9849",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-0a893b479b02184f",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelPANE-EFE34823AB0FD841",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel9C8F307FA318284A",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-B00C3708A858994E",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panel15C0E6E0A725A84E",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panel506081A3919ACA4A",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel6A37B8FBA033EB4D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-2fb20d99840ff849",
+                    "title": "Events - Outlier (Decrease) Requests  by Backend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetIp\n| outlier _count by TargetIp threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, TargetIp, _count \n| transpose row _timeslice column TargetIp",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7836817bb708584c",
+                    "title": "Events - Outlier (Increase) Requests by Backend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetIp\n| outlier _count by TargetIp threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(TargetIp)\n| fields _timeslice, TargetIp, _count \n| transpose row _timeslice column TargetIp",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9b153d55a89e9849",
+                    "title": "Events - Outlier (Decrease) Requests by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetGroup\n| outlier _count by TargetGroup threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, TargetGroup, _count \n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0a893b479b02184f",
+                    "title": "Events - Outlier (Increase) Requests by Target Group",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetGroup\n| outlier _count by TargetGroup threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, TargetGroup, _count \n| transpose row _timeslice column TargetGroup",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EFE34823AB0FD841",
+                    "title": "Request Counts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}} \"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= RequestCount TargetGroup=* statistic=sum | sum by account, region, namespace, loadbalancer, TargetGroup",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9C8F307FA318284A",
+                    "title": "Processed Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ProcessedBytes Statistic=Sum | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B00C3708A858994E",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Requests to Backend Servers"
+                },
+                {
+                    "id": null,
+                    "key": "panel15C0E6E0A725A84E",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Requests by Target Group"
+                },
+                {
+                    "id": null,
+                    "key": "panel506081A3919ACA4A",
+                    "title": "Received Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(ReceivedBytes) as ReceivedBytes by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6A37B8FBA033EB4D",
+                    "title": "Sent Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(SentBytes) as SentBytes by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "7. AWS Application Load Balancer - Threat Intel",
+            "description": "See the details of IP threats including the count, location, and highly malicious IP threats.",
+            "title": "7. AWS Application Load Balancer - Threat Intel",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-3b762241ac0aba4d",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-c08479a8a0390b4d",
+                        "structure": "{\"height\":6,\"width\":16,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-b8ffc92b8b722a41",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-c605d948852ffb48",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-642147F890E0F848",
+                        "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-3AA22D409203F942",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-3b762241ac0aba4d",
+                    "title": "All IP Threat Count",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Threats\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c08479a8a0390b4d",
+                    "title": "Highly Malicious IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b8ffc92b8b722a41",
+                    "title": "All IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c605d948852ffb48",
+                    "title": "Malicious Confidence",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-642147F890E0F848",
+                    "title": "Threat Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3AA22D409203F942",
+                    "title": "Top URI's Accessed by Highly Malicious Threat IPs",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Alerts-App.json b/aws-observability-terraform/examples/aws-observability/json/Alerts-App.json
new file mode 100644
index 00000000..2ecae908
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Alerts-App.json
@@ -0,0 +1,1701 @@
+{
+  "name": "AWS Observability",
+  "description": "",
+  "type": "MonitorsLibraryFolderExport",
+  "children": [
+    {
+      "name": "AWS API Gateway - High Latency",
+      "description": "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 1000,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 1000,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon Elasticache - High Engine CPU Utilization",
+      "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is  high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 90,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 90,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS EC2 - High Memory Utilization",
+      "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon Elasticache - Low Redis Cache Hit Rate",
+      "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If  cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS API Gateway - High 5XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Application Load Balancer - High Latency",
+      "description": "This alert fires when we detect that the average latency for a given Application load balancer within a time interval of 5 minutes is greater than or equal to three seconds.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/applicationelb metric=TargetResponseTime Statistic=Average account=* region=* loadbalancer=* | eval(_value*1000) | sum by account, region, namespace, loadbalancer"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 3000,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 3000,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon ECS - High Memory Utilization",
+      "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average  account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon RDS - High Write Latency",
+      "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Application Load Balancer - High 4XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along loadbalancer, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon RDS - Low Burst Balance",
+      "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 50,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 50,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Classic Load Balancer - Access from Highly Malicious Sources",
+      "description": "This alert fires when the Classic load balancer is accessed from highly malicious IP addresses within last 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "LogsStaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "GreaterThan",
+          "field": ""
+        },
+        {
+          "detectionMethod": "LogsStaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "LessThanOrEqual",
+          "field": ""
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Classic Load Balancer - High 5XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along loadbalancername, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "occurrenceType": "Always"
+        },
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "occurrenceType": "Always"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Network Load Balancer - High Unhealthy Hosts",
+      "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 10,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 10,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS API Gateway - High Integration Latency",
+      "description": "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 1000,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 1000,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Lambda - High Percentage of Failed Requests",
+      "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along functionname, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Application Load Balancer - High 5XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along loadbalancer, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio",
+      "description": "This alert fires when the average Redis memory fragmentation ratio for within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 Indicate significant memory fragmentation.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elasticache metric=MemoryFragmentationRatio statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 1.5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 1.5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon Elasticache - High CPU Utilization",
+      "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is  high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring  CPU utilization for hosts with two vCPUs or less.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 90,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 90,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio",
+      "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 50,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 50,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS API Gateway - High 4XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along apiname, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS EC2 - High Total CPU Utilization",
+      "description": "This alert fires when the average total CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/ec2 metric=CPU_Total account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Classic Load Balancer - High Latency",
+      "description": "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 3000,
+          "thresholdType": "GreaterThanOrEqual",
+          "occurrenceType": "Always"
+        },
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 3000,
+          "thresholdType": "LessThan",
+          "occurrenceType": "Always"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS EC2 - High Disk Utilization",
+      "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon ECS - High CPU Utilization",
+      "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Network Load Balancer - High TLS Negotiation Errors",
+      "description": "This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "(#A + #B) along LoadBalancer, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 10,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 10,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon Elasticache - Multiple Failed Operations",
+      "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\"  as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-15m",
+          "threshold": 10,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-15m",
+          "threshold": 10,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon Elasticache - High Redis Database Memory Usage",
+      "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 95,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 95,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS EC2 - High System CPU Utilization",
+      "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Lambda - Low Provisioned Concurrency Utilization",
+      "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 50,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 50,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity",
+      "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity",
+      "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS DynamoDB - Multiple Tables deleted",
+      "description": "This alert fires when we detect multiple failed operations for Elasticache service within 15 minutes",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-15m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-15m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": ""
+    },
+    {
+      "name": "AWS DynamoDB - High Account Provisioned Write Capacity",
+      "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon RDS - High Read Latency",
+      "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Application Load Balancer - Access from Highly Malicious Sources",
+      "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": ""
+    },
+    {
+      "name": "AWS Classic Load Balancer - High 4XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along loadbalancername, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "occurrenceType": "Always"
+        },
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "occurrenceType": "Always"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon RDS - High CPU Utilization",
+      "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 85,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "Amazon RDS - High Disk Queue Depth",
+      "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    },
+    {
+      "name": "AWS DynamoDB - High Account Provisioned Read Capacity",
+      "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "GreaterThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "LessThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": ""
+    }
+  ]
+}
diff --git a/aws-observability-terraform/examples/aws-observability/json/Api-Gateway-App.json b/aws-observability-terraform/examples/aws-observability/json/Api-Gateway-App.json
new file mode 100644
index 00000000..46288e83
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Api-Gateway-App.json
@@ -0,0 +1,2009 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS API Gateway",
+    "description": "The Sumo Logic App for AWS API Gateway provides visibility into your Amazon APIGateway Service Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your API Gateway Infrastructure.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS API Gateway - Latency, Cache",
+            "description": "AWS API Gateway - Latency, Cache dashboard provides insights into API Gateway performance including API requests, latency, API cache hits, and back-end cache misses.",
+            "title": "1. AWS API Gateway - Latency, Cache",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "apiname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-1282e8dc8b362944",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-07fe4834864daa40",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-d8cca1fd9e28fa4e",
+                        "structure": "{\"height\":2,\"width\":12,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-be2d46b2823fbb44",
+                        "structure": "{\"height\":2,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-825676c9a42b7844",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelpane-95b93c0ea7c2694f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panelpane-de1fae9b96f50949",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-611d41d29c4b0b46",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-86be2b008a2db942",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-903472b3b1481b4a",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":15}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-1282e8dc8b362944",
+                    "title": "API Calls Over Time",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-07fe4834864daa40",
+                    "title": " API Requests (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today, {{apiname}}\"}},{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{apiname}}\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d8cca1fd9e28fa4e",
+                    "title": "Latency",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\",\"alignment\":\"left\",\"fontSize\":16},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Time in between API Gateway receives request from client and returns response to the client"
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-be2d46b2823fbb44",
+                    "title": "‎Integration Latency",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\",\"fontSize\":16,\"alignment\":\"left\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Time in between API Gateway relays request to backend and receives response from backend"
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-825676c9a42b7844",
+                    "title": "Average Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Millisecond\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-95b93c0ea7c2694f",
+                    "title": "Average Integration Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Millisecond\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-de1fae9b96f50949",
+                    "title": "Cache Hit Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Cache Hit Rate\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CacheHitCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100 ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-611d41d29c4b0b46",
+                    "title": "Cache Miss Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Cache Miss Rate\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CacheMissCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-86be2b008a2db942",
+                    "title": " Requests Served From API Cache (Cache Hits)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-903472b3b1481b4a",
+                    "title": "Requests Served From Back-end (Cache Misses)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS API Gateway - Overview",
+            "description": "AWS API Gateway - Overview dashboard provides insights into API Gateway performance throughout your infrastructure, including API calls, latency, client and server-side errors, API cache hits, and back-end cache misses.",
+            "title": "1. AWS API Gateway - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-1282e8dc8b362944",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-d8cca1fd9e28fa4e",
+                        "structure": "{\"height\":2,\"width\":12,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-be2d46b2823fbb44",
+                        "structure": "{\"height\":2,\"width\":12,\"x\":12,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-afb5d2309a793847",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":31}"
+                    },
+                    {
+                        "key": "panelpane-825676c9a42b7844",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-0f271c0fbb72984c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":31}"
+                    },
+                    {
+                        "key": "panelpane-aac836daa8753b49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":38}"
+                    },
+                    {
+                        "key": "panelpane-3f51a1d2b3563b4c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":38}"
+                    },
+                    {
+                        "key": "panelpane-de1fae9b96f50949",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-86be2b008a2db942",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":37}"
+                    },
+                    {
+                        "key": "panelpane-903472b3b1481b4a",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":37}"
+                    },
+                    {
+                        "key": "panelpane-30914953bcc44b4e",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-2e8c53a18e9a484c",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-70bda313b0965946",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-7a458955b12bd94e",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-c557c5d28b2c684f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-51ff6a2cae479944",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panelpane-30c3b615b3da684f",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-F43AE7E8952D5A40",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":1}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-1282e8dc8b362944",
+                    "title": "All API Calls",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d8cca1fd9e28fa4e",
+                    "title": "Latency",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\",\"alignment\":\"left\",\"fontSize\":16,\"format\":\"text\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Overall Latency in ms"
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-be2d46b2823fbb44",
+                    "title": "‎Integration Latency",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\",\"fontSize\":16,\"alignment\":\"left\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Time in between API Gateway relays request to backend and receives response from backend"
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-afb5d2309a793847",
+                    "title": "Average Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Millisecond\"}},\"overrides\":[{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\"}},{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-825676c9a42b7844",
+                    "title": "5XX Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Sum of 5XX Errors\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=5XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0f271c0fbb72984c",
+                    "title": "Average Integration Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Millisecond\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-aac836daa8753b49",
+                    "title": "Cache Hit Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Cache Hit Rate \"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CacheHitCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3f51a1d2b3563b4c",
+                    "title": "Cache Miss Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Cache Miss Rate \"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CacheMissCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account | eval _value * 100",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-de1fae9b96f50949",
+                    "title": "4XX Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Sum of 4XX Errors\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=4XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-86be2b008a2db942",
+                    "title": " Requests Served From API Cache (Cache Hits)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-903472b3b1481b4a",
+                    "title": "Requests Served From Back-end (Cache Misses)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-30914953bcc44b4e",
+                    "title": "Client Side Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2e8c53a18e9a484c",
+                    "title": "Server Side Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-70bda313b0965946",
+                    "title": "API Calls",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Total Calls\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7a458955b12bd94e",
+                    "title": "Unique API Calls",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Maximum\",\"label\":\"Unique Calls\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c557c5d28b2c684f",
+                    "title": "API Calls by apiname",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Calls\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname | eval round(_value)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-51ff6a2cae479944",
+                    "title": "Average Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":500,\"color\":\"#75bf00\"},{\"from\":500,\"to\":1000,\"color\":\"#f6c851\"},{\"from\":1000,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-30c3b615b3da684f",
+                    "title": "Average Integration Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":500,\"color\":\"#75bf00\"},{\"from\":500,\"to\":1000,\"color\":\"#f6c851\"},{\"from\":1000,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F43AE7E8952D5A40",
+                    "title": " API Requests (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by account, region, namespace | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=sum account={{account}} region={{region}} apiname={{apiname}} | sum by account, region, namespace | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS API Gateway - 4XX and 5XX Errors",
+            "description": "AWS API Gateway - 4xx and 5xx Errors dashboard provides insights into API Gateway HTTP 4xx and 5xx code errors throughout your infrastructure, including API requests, client-side errors, and server-side errors.",
+            "title": "2. AWS API Gateway - 4XX and 5XX Errors",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "apiname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-4d3d7212b5a8484a",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelpane-ddc0c4fd966e4844",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelpane-ecbd97eab891e846",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-4b69798bbe22784a",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-62f5162ba859eb45",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-ecd366908889b943",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":16}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-4d3d7212b5a8484a",
+                    "title": "4XX Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Sum of 4XX Errors\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=4XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ddc0c4fd966e4844",
+                    "title": "5XX Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Sum of 5XX Errors\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=5XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ecbd97eab891e846",
+                    "title": "API Requests (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Requests\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today, {{apiname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{apiname}}\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} | sum by apiname, namespace, region, account | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4b69798bbe22784a",
+                    "title": "All API Calls",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-62f5162ba859eb45",
+                    "title": "Client Side Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ecd366908889b943",
+                    "title": "Server Side Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"text\",\"text\":\"\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS API Gateway - Audit Events",
+            "description": "AWS API Gateway - Audit Events dashboard provides detailed audit insights into API Gateway events by various dimensions including event names, trends, regions, user agents, and recipient account IDs.",
+            "title": "2. AWS API Gateway - Audit Events",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-d39a82d0b687ab49",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":27}"
+                    },
+                    {
+                        "key": "panelpane-78017f49a1d96a4a",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":6,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-C60FE45FAF802B4D",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-54D6935CA0D19846",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-D3C4BB28A83C9947",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-A9432A4D87BED943",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-79C1069AAE9C2948",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-8D29F0E780F36846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-2EA5D39A9A67D846",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-A839F6B38A2CD840",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-FBDDCA8195930A44",
+                        "structure": "{\"height\":7,\"width\":18,\"x\":6,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-A9420681BB19294B",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-E9024AE2A1BFCB4F",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":34}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-d39a82d0b687ab49",
+                    "title": "Events Trend by Event Name",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Events\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" eventName account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count as eventCount by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-78017f49a1d96a4a",
+                    "title": "Top User Agents",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" userAgent account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user_agent\n| sort by eventCount, user_agent asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C60FE45FAF802B4D",
+                    "title": "Failure Activity Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")  and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-54D6935CA0D19846",
+                    "title": "Successful Activity Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-D3C4BB28A83C9947",
+                    "title": "Event Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"pie\"}},{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"pie\"}},{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"pie\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventStatus\n| sort by eventCount, eventStatus asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A9432A4D87BED943",
+                    "title": "Event Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"column\"}},{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"column\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count by _timeslice, eventStatus\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-79C1069AAE9C2948",
+                    "title": "Top Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by errorCode \n| top 10 errorCode by eventCount, errorCode asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8D29F0E780F36846",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2EA5D39A9A67D846",
+                    "title": "Failed Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop \n| json field=responseElements \"name\", \"Message\" as ApiName, responseMessage nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorMessage), responseMessage, errorMessage) as errorMessage\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, errorCode, errorMessage, Region, src_ip, accountId, user, type, requestID, user_agent\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A839F6B38A2CD840",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FBDDCA8195930A44",
+                    "title": "Successful Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, Region, src_ip, accountId, user, type, requestID, user_agent, ApiName\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A9420681BB19294B",
+                    "title": "Top Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by type, user\n| topk(10, eventCount) by type | fields -_rank",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E9024AE2A1BFCB4F",
+                    "title": "Threat Table based on Caller IP Address",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS API Gateway - Enhanced Monitoring",
+            "description": "AWS API Gateway - Enhanced Monitoring dashboard provides detailed insights into API Gateway performance throughout your infrastructure, including the number and types of API calls, API resources, cache hits and misses, latency averages, and errors by HTTP method.",
+            "title": "3. AWS API Gateway - Enhanced Monitoring",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "apiname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-bf711447aeb87a4d",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelpane-0c6ca348a22a684a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-fcf2a359aca4f947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-1bd728408f442a49",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":3}"
+                    },
+                    {
+                        "key": "panelpane-134c2b108813b846",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":5,\"y\":3}"
+                    },
+                    {
+                        "key": "panelpane-8623b689ab09684a",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":10,\"y\":3}"
+                    },
+                    {
+                        "key": "panelpane-2c931e93b0a25940",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":15,\"y\":3}"
+                    },
+                    {
+                        "key": "panelpane-6052fefb99524948",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panelpane-b7fcf1e9a9428b41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-3bd1f319951a1949",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-4f8a91c58c9d3b4e",
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-bf711447aeb87a4d",
+                    "title": "API Calls By HTTP Method",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Requests\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{Method}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Count Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by method",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0c6ca348a22a684a",
+                    "title": "4XX Errors by HTTP Method",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Sum of 4XX Errors\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{method}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=4XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by method",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fcf2a359aca4f947",
+                    "title": "5XX Errors By HTTP Method",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Sum of 5XX Errors\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{method}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=5XXError Statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}}  method={{method}} resource={{resource}} | sum by method",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-1bd728408f442a49",
+                    "title": "API Calls",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Total Calls\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-134c2b108813b846",
+                    "title": "Unique API Calls",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Unique Calls\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by apiname, namespace, region, account, method | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-8623b689ab09684a",
+                    "title": "API Resources",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Resource\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by apiname, namespace, region, account, resource | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2c931e93b0a25940",
+                    "title": "API Call Breakdown",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Calls\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=count statistic=Sum account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | sum by apiname, method, resource | eval round(_value)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6052fefb99524948",
+                    "title": "Cache Hits and Misses",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Rate\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Cache Hits, apiname={{apiname}} \"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Cache Miss, apiname={{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CacheHitCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account | eval _value * 100",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CacheMissCount statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account | eval _value * 100",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b7fcf1e9a9428b41",
+                    "title": "Average Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Latency statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3bd1f319951a1949",
+                    "title": "Average Integration Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=IntegrationLatency statistic=Average account={{account}} region={{region}} apiname={{apiname}} stage={{stage}} method={{method}} resource={{resource}} | avg by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4f8a91c58c9d3b4e",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"alignment\":\"left\",\"fontSize\":16,\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard works on detailed CloudWatch metrics which needs to be explicitly enabled. You can do this in the console by selecting \"Enable CloudWatch Metrics\" under a stage Settings tab. Alternatively, you can call the update-stage AWS CLI command to update the metricsEnabled property to true."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "stage",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} apiname={{apiname}}",
+                        "key": "stage"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "method",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} apiname={{apiname}} stage={{stage}}",
+                        "key": "method"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "resource",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} apiname={{apiname}}",
+                        "key": "resource"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Classic-lb-App.json b/aws-observability-terraform/examples/aws-observability/json/Classic-lb-App.json
new file mode 100644
index 00000000..9cf53585
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Classic-lb-App.json
@@ -0,0 +1,3039 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS Classic Load Balancer",
+    "description": "The Sumo Logic App for AWS Observability Classic Load Balancer is a unified logs and metrics (ULM) App that gives you visibility into the health of your Classic Load Balancer. Use the pre-configured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Classic Load Balancer - Overview",
+            "description": "See the overview of Classic load balancer including the requests, healthy and unhealthy host count, backend response time, and active connections.",
+            "title": "1. AWS Classic Load Balancer - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-1b6c3f98bd2fa94a",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-b28e428595aa7841",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-3c5686918c144a48",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-01a4cebc9d796a44",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-5d596c23a60d9b43",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-5711200884094842",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-3919c994a29d9b4a",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":36}"
+                    },
+                    {
+                        "key": "panelpane-ed2772e08225f840",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelpane-97c80ce1b96ed948",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-84EA9744A2C6BB47",
+                        "structure": "{\"height\":12,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-AEBA84C2BE464B40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-BFCE029B9E625B46",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-C44F0671A5AFEA41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":6}"
+                    },
+                    {
+                        "key": "panel4A7F28558036BA4D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-5AE57A6E80107B44",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-1b6c3f98bd2fa94a",
+                    "title": "Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"valueFontSize\":24,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":16,\"label\":\"Hosts\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b28e428595aa7841",
+                    "title": "Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"label\":\"Hosts\",\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3c5686918c144a48",
+                    "title": "Backend Connection Errors",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#527b01\"},{\"from\":10,\"to\":20,\"color\":\"#b18209\"},{\"from\":20,\"to\":null,\"color\":\"#b63010\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=BackendConnectionErrors Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-01a4cebc9d796a44",
+                    "title": "Request Count",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Requests\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5d596c23a60d9b43",
+                    "title": "Surge Queue Length",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Surge Queue Length\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SurgeQueueLength Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5711200884094842",
+                    "title": "Spillover Count",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Spillover Count\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3919c994a29d9b4a",
+                    "title": "Overall Healthy vs Unhealthy Host Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Host Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Healthy Host - {{loadbalancername}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"UnHealthy Host - {{loadbalancername}}\"}}],\"color\":{\"family\":\"scheme7\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ed2772e08225f840",
+                    "title": "Requests Served by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-97c80ce1b96ed948",
+                    "title": "4XX by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-84EA9744A2C6BB47",
+                    "title": "Request Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| sum(_count) by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AEBA84C2BE464B40",
+                    "title": "Load Balancer Latency (ms)",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BFCE029B9E625B46",
+                    "title": "5xx Error Codes by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_5XX  Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C44F0671A5AFEA41",
+                    "title": "4xx Error Codes by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#75bf00\"},{\"from\":10,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX  Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4A7F28558036BA4D",
+                    "title": "5XX by Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-5AE57A6E80107B44",
+                    "title": "Threat Intel Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#8ecc1b\"},{\"from\":1,\"to\":5,\"color\":\"#f6c851\"},{\"from\":5,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as method, protocol, domain, server_port, path nodrop\n| parse field=client \"*:*\" as ClientIP, Cport nodrop\n| parse field=backend \"*:*\" as BackendIP, Backend_port nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancername, account, region, namespace\n| sort by ThreatCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Classic Load Balancer - Response Analysis",
+            "description": "See the details of the Classic Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.",
+            "title": "1. AWS Classic Load Balancer - Response Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-6431EF94BE865945",
+                        "structure": "{\"height\":1,\"width\":8,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-9488B966ABC1E940",
+                        "structure": "{\"height\":1,\"width\":8,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panel80A18A0EB225FB4B",
+                        "structure": "{\"height\":1,\"width\":8,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panel373343E8B68AA846",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-351E28339D1FDB40",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":7}"
+                    },
+                    {
+                        "key": "panelAA81D9348A212B4B",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelFAD82336AEDD0B49",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-CCFCC1BB99CA3843",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelE7BD64DF89B9B94E",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}"
+                    },
+                    {
+                        "key": "panel849F83B5B73CC844",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}"
+                    },
+                    {
+                        "key": "panel848E183B8031884D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}"
+                    },
+                    {
+                        "key": "panel114E4560B4917A43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-4E589BF4AEA7D84B",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-6431EF94BE865945",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"backgroundColor\":\"#f36644\",\"textColor\":\"#222d3b\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Load Balancer 5XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9488B966ABC1E940",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Load Balancer 4XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel80A18A0EB225FB4B",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Load Balancer 3XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel373343E8B68AA846",
+                    "title": "5XX ELB Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-351E28339D1FDB40",
+                    "title": "Client Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelAA81D9348A212B4B",
+                    "title": "Client Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelFAD82336AEDD0B49",
+                    "title": "Client Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CCFCC1BB99CA3843",
+                    "title": "Events - 5XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE7BD64DF89B9B94E",
+                    "title": "4XX ELB Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel849F83B5B73CC844",
+                    "title": "Backend Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel848E183B8031884D",
+                    "title": "Events - 4XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel114E4560B4917A43",
+                    "title": "Events - 3XX Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4E589BF4AEA7D84B",
+                    "title": "Response Codes Distribution by Domain and URI",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (elb_status_code matches \"5*\",1,0) as ELB_5XX\n| if (elb_status_code matches \"4*\",1,0) as ELB_4XX\n| if (elb_status_code matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Classic Load Balancer - Backend Response Analysis",
+            "description": "See the details of the Backend HTTP codes 2XX, 3XX, 4XX, and 5XX by availability zone, and load balancer name.",
+            "title": "2. AWS Classic Load Balancer - Backend Response Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-EFB93C23B0ABA948",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel05DD969FA8F84846",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panelE8037BA1BAFE4840",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panel11E5E924B7E46B4D",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panelPANE-31F3A4E7852C484F",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel8D3D1B68A68C1B49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelA52CD401A29F7942",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelDF364B0988414A44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-2A2CE58CB024284B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelDCE3556190369A4B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panel74660D2CA5358B47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}"
+                    },
+                    {
+                        "key": "panelA5A5D6698A94CB4F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}"
+                    },
+                    {
+                        "key": "panel13B1911EADE35944",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-EFB93C23B0ABA948",
+                    "title": "5xx",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f36644\",\"showTitle\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Backend 5XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel05DD969FA8F84846",
+                    "title": "2XX",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#75bf00\",\"showTitle\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Backend 2XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panelE8037BA1BAFE4840",
+                    "title": "4xx",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Backend 4XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panel11E5E924B7E46B4D",
+                    "title": "3XX",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Backend 3XX Response Codes"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-31F3A4E7852C484F",
+                    "title": "Response Codes Distribution by Domain and URI",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as backendIP, backend_port nodrop\n| fields - request, client, backend\n| if (backend_status_code matches \"5*\",1,0) as Backend_5XX\n| if (backend_status_code matches \"4*\",1,0) as Backend_4XX\n| if (backend_status_code matches \"3*\",1,0) as Backend_3XX\n| if (backend_status_code matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8D3D1B68A68C1B49",
+                    "title": "4XX Backend Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA52CD401A29F7942",
+                    "title": "2XX Backend Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_2XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDF364B0988414A44",
+                    "title": "3XX Backend Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2A2CE58CB024284B",
+                    "title": "Events - 5XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"5*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDCE3556190369A4B",
+                    "title": "Events - 4XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"4*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel74660D2CA5358B47",
+                    "title": "Events - 3XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"3*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA5A5D6698A94CB4F",
+                    "title": "Events - 2XX Response Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"2*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel13B1911EADE35944",
+                    "title": "5XX Backend Response Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS Classic Load Balancer - Latency Overview",
+            "description": "See the details of latency in your classic load balancer by availability zone, and load balancer name.",
+            "title": "3. AWS Classic Load Balancer - Latency Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-8fb7ac20b210584f",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-46aba672bb08b846",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-3ebb85e685bf1b4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-c1ca3098892bea40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-c301d958990e694d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-42811CC2ADA89846",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-BAF589A28E007840",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":7}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-8fb7ac20b210584f",
+                    "title": "Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=Latency Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-46aba672bb08b846",
+                    "title": "Max and Average Total Client Latency by Loadbalancername",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\"},\"axes\":{\"axisY\":{\"title\":\"Average Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false},\"hideLabels\":false},\"axisX\":{\"title\":\"loadbalancername\"},\"axisY2\":{\"hideLabels\":false,\"unit\":{\"value\":\"s\",\"isCustom\":false},\"title\":\"Max Latency\"}},\"series\":{},\"overrides\":[{\"series\":[\"AverageClientLatency\"],\"queries\":[],\"properties\":{\"axisYType\":\"primary\"}},{\"series\":[\"MaximumClientLatency\"],\"queries\":[],\"properties\":{\"axisYType\":\"secondary\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by loadbalancername\n| order by MaximumClientLatency",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3ebb85e685bf1b4f",
+                    "title": "Max and Average Backend Processing Time by Loadbalancername",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Avg Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"loadbalancername\"},\"axisY2\":{\"title\":\"Max latency\",\"unit\":{\"value\":\"Seconds\",\"isCustom\":true}}},\"series\":{},\"overrides\":[{\"series\":[\"AverageBackendProcessingTime\"],\"queries\":[],\"properties\":{\"axisYType\":\"primary\"}},{\"series\":[\"MaximumBackendProcessingTime\"],\"queries\":[],\"properties\":{\"axisYType\":\"secondary\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(backend_processing_time) as AverageBackendProcessingTime, max(backend_processing_time) as MaximumBackendProcessingTime by loadbalancername\n| order by MaximumBackendProcessingTime",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c1ca3098892bea40",
+                    "title": "Average Total Client Latency Over Time by Loadbalancername",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by loadbalancername ,_timeslice\n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c301d958990e694d",
+                    "title": "Average Response Processing Time Over Time by Loadbalancername",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-42811CC2ADA89846",
+                    "title": "Response",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Overall Latency"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BAF589A28E007840",
+                    "title": "Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Events - Backend Latency"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS Classic Load Balancer - Latency Details",
+            "description": "See the details of latency in your classic load balancer including the average and maximum request and response processing time, by backend and ELB.",
+            "title": "4. AWS Classic Load Balancer - Latency Details",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-e21d1869af8bbb43",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-50edccbfa1cd8b4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-39d07f8699151b42",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-6fda9ea0b259db4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-256726aaafcdba4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-d9489b8ebd5daa4c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-fee25a48afe96841",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-9fa04ab689a4594a",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panelPANE-BCC4A01F93DBD84C",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-E66D573EAA3BBA47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12,\"minHeight\":3,\"minWidth\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-e21d1869af8bbb43",
+                    "title": "Defintions",
+                    "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#ffffff\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "#### All Time units are in Seconds\n\n#### **Client Latency** = ( RequestProcessingTime + BackendProcessingTime + ResponseProcessingTime)\n\n#### **RequestProcessingTime** = The total time elapsed from the time the load balancer received the request until the time it sent it to a registered instance.\n\n#### **BackendProcessingTime** = The total time elapsed from the time the load balancer sent the request to a registered instance until the instance started to send the response headers.\n\n#### **ResponseProcessingTime** = The total time elapsed from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.\n\n"
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-50edccbfa1cd8b4f",
+                    "title": "Events - Client Latency by Domain",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-39d07f8699151b42",
+                    "title": "Events - Client Latency by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6fda9ea0b259db4f",
+                    "title": "Events - Average Response Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-256726aaafcdba4d",
+                    "title": "Events - Average Request Processing Time by URI",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d9489b8ebd5daa4c",
+                    "title": "Events - Max Request Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(request_processing_time) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fee25a48afe96841",
+                    "title": "Events - Max Response Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(response_processing_time) as MaximumResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9fa04ab689a4594a",
+                    "title": "Events - Top 20 Client Latency by Paths",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by URI\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BCC4A01F93DBD84C",
+                    "title": "Events - Average Response Processing Time by URI",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E66D573EAA3BBA47",
+                    "title": "Events - Average Request Processing Time by ELB Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[],\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. AWS Classic Load Balancer - Connections and Host Status",
+            "description": "See the details of connections and host status including the average unhealthy host count, and healthy host count by availability zone, and load balancer name.",
+            "title": "5. AWS Classic Load Balancer - Connections and Host Status",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-72162e80bf98794a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-3f69e9d8acb63944",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-b0dcb7ce9acff84d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-0a6b3b1a8e6f2a4d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-256d7e9895990b46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-AC8CEF56B14A3B49",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelA50246B29A29584D",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panel248E85BAAAC3FA49",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panel93A07615B0C15B44",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panelF582E76F8F681B46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelDCF2F2A88E731942",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":13}"
+                    },
+                    {
+                        "key": "panel15B701BABC802B4F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-9EB0E883B1BAB84B",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-72162e80bf98794a",
+                    "title": "Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3f69e9d8acb63944",
+                    "title": "Backend Connections Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=BackendConnectionErrors Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b0dcb7ce9acff84d",
+                    "title": "Active Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBActiveConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0a6b3b1a8e6f2a4d",
+                    "title": "New Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBNewConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-256d7e9895990b46",
+                    "title": "Rejected Connections (Using Spillover Count)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AC8CEF56B14A3B49",
+                    "title": "Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Connections"
+                },
+                {
+                    "id": null,
+                    "key": "panelA50246B29A29584D",
+                    "title": "Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Connections Errors"
+                },
+                {
+                    "id": null,
+                    "key": "panel248E85BAAAC3FA49",
+                    "title": "Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Unhealthy Hosts"
+                },
+                {
+                    "id": null,
+                    "key": "panel93A07615B0C15B44",
+                    "title": "Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Healthy Hosts"
+                },
+                {
+                    "id": null,
+                    "key": "panelF582E76F8F681B46",
+                    "title": "3XX Backend Error Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDCF2F2A88E731942",
+                    "title": "4XX Backend Error Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel15B701BABC802B4F",
+                    "title": "Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9EB0E883B1BAB84B",
+                    "title": "Classic ELB Metrics",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\",\"fontSize\":12},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "**SpilloverCount** -  When requests exceed the maximum SurgeQueueLength, the SpilloverCount metric starts to measure rejected requests. The maximum SurgeQueueLength is 1024.\n\n**SurgeQueueLength** - The total number of requests (HTTP listener) or connections (TCP listener) that are pending routing to a healthy instance. The maximum size of the queue is 1,024. Additional requests or connections are rejected when the queue is full.\n\n**EstimatedALBActiveConnectionCount** - The estimated number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedALBConsumedLCUs** - The estimated number of load balancer capacity units (LCU) used by an Application Load Balancer. You pay for the number of LCUs that you use per hour. For more information, see Elastic Load Balancing Pricing for more info https://aws.amazon.com/elasticloadbalancing/pricing/\n\n**EstimatedALBNewConnectionCount** - The estimated number of new TCP connections established from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedProcessedBytes** The estimated number of bytes processed by an Application Load Balancer."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6. AWS Classic Load Balancer - Requests and Processed Bytes",
+            "description": "See the details of requests and Processed bytes for your classic load balancer.",
+            "title": "6. AWS Classic Load Balancer - Requests and Processed Bytes",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-2fb20d99840ff849",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-7836817bb708584c",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-9b153d55a89e9849",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-0a893b479b02184f",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelPANE-EFE34823AB0FD841",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel9C8F307FA318284A",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-B00C3708A858994E",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panel15C0E6E0A725A84E",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panel506081A3919ACA4A",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel6A37B8FBA033EB4D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-2fb20d99840ff849",
+                    "title": "Events - Outlier (Decrease) Requests  by Backend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7836817bb708584c",
+                    "title": "Events - Outlier (Increase) Requests by Backend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(backend)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9b153d55a89e9849",
+                    "title": "Events - Outlier (Decrease) Requests by Loadbalancername",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0a893b479b02184f",
+                    "title": "Events - Outlier (Increase) Requests by Loadbalancername",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EFE34823AB0FD841",
+                    "title": "Request Counts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}} \"}}],\"series\":{},\"hiddenQueryKeys\":[\"B\"]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount statistic=sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9C8F307FA318284A",
+                    "title": "Estimated Processed Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}} \"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedProcessedBytes Statistic=Sum | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B00C3708A858994E",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Requests to Backend Servers"
+                },
+                {
+                    "id": null,
+                    "key": "panel15C0E6E0A725A84E",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Requests by URI"
+                },
+                {
+                    "id": null,
+                    "key": "panel506081A3919ACA4A",
+                    "title": "Received Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(received_bytes) as ReceivedBytes by _timeslice\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6A37B8FBA033EB4D",
+                    "title": "Sent Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(sent_bytes) as SentBytes by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "7. AWS Classic Load Balancer - Threat Intel",
+            "description": "See the details of IP threats including the count, location, and highly malicious IP threats.",
+            "title": "7. AWS Classic Load Balancer - Threat Intel",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/elb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-3b762241ac0aba4d",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-c08479a8a0390b4d",
+                        "structure": "{\"height\":6,\"width\":16,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-b8ffc92b8b722a41",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-c605d948852ffb48",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-642147F890E0F848",
+                        "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-3AA22D409203F942",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-3b762241ac0aba4d",
+                    "title": "All IP Threat Count",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Threats\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c08479a8a0390b4d",
+                    "title": "Highly Malicious IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b8ffc92b8b722a41",
+                    "title": "All IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c605d948852ffb48",
+                    "title": "Malicious Confidence",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-642147F890E0F848",
+                    "title": "Threat Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3AA22D409203F942",
+                    "title": "Top URI's Accessed by Highly Malicious Threat IPs",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" // and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/elb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elb",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancername",
+                    "displayName": "loadbalancername",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/DynamoDb-App.json b/aws-observability-terraform/examples/aws-observability/json/DynamoDb-App.json
new file mode 100644
index 00000000..6bf0995a
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/DynamoDb-App.json
@@ -0,0 +1,1765 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS DynamoDB",
+    "description": "The Sumo Logic App for Amazon DynamoDB is a unified logs and metrics (ULM) App which provides operational insights into your DynamoDB solution. The App includes Dashboards that allow you to monitor key metrics and view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB solution.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS DynamoDB - Capacity Planning",
+            "description": "See the details of your DynamoDB capacity including the provisioned read/write consumed, read/write throttle events, and throttled requests.",
+            "title": "1. AWS DynamoDB - Capacity Planning",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "tablename": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-758a87f88db51a42",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-7ce3de61ba35494b",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-c19a008d8deb484a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-111875ec95757b47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panelpane-23b8449dba70ab40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-37a79b0eb9b0eb41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panelpane-33fc42308e69684d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-7bb8c9c3bf64594d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-64a23ff7af69e845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-2e19df1fbc923a4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-8162C8AD9A9E3A43",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-75FFAE93B0AAC842",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-758a87f88db51a42",
+                    "title": "Read Capacity Consumed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"hiddenQueryKeys\":[\"C\"],\"axes\":{\"axisY\":{\"title\":\"Read Capacity\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Provisioned Read Capacity\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Consumed Read Capacity\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ProvisionedReadCapacityUnits Statistic=Maximum | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ConsumedReadCapacityUnits Statistic=Maximum | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7ce3de61ba35494b",
+                    "title": "Write Capacity Consumed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"hiddenQueryKeys\":[],\"axes\":{\"axisY\":{\"title\":\"Write Capacity\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Provisioned Write Capacity\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Consumed Write Capacity\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ProvisionedWriteCapacityUnits Statistic=Maximum  | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ConsumedWriteCapacityUnits Statistic=Maximum  | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c19a008d8deb484a",
+                    "title": "Throttled Read Requests by Operation",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[],\"aggregationType\":\"latest\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#75bf00\"},{\"from\":10,\"to\":20,\"color\":\"#f6c851\"},{\"from\":20,\"to\":null,\"color\":\"#f36644\"}]},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"honeyComb\",\"name\":\"Operation={{operation}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*get* or operation=*scan* or operation=*query*) | sum by account, region, namespace, tablename, operation",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-111875ec95757b47",
+                    "title": "Throttled Read Requests by Operation",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Throttled Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{operation}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*get* or operation=*scan* or operation=*query*) | sum by account, region, namespace, tablename, operation",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-23b8449dba70ab40",
+                    "title": "Throttled Write Requests by Operation",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[],\"aggregationType\":\"latest\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#75bf00\"},{\"from\":10,\"to\":20,\"color\":\"#f6c851\"},{\"from\":20,\"to\":null,\"color\":\"#f36644\"}]},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"honeyComb\",\"name\":\"Operation={{operation}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*update* or operation=*put* or operation=*delete* or operation=*write*) | sum by account, region, namespace, tablename, operation",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-37a79b0eb9b0eb41",
+                    "title": "Throttled Write Requests by Operation",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Throttled Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{operation}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum (operation=*update* or operation=*put* or operation=*delete* or operation=*write*) | sum by account, region, namespace, tablename, operation",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33fc42308e69684d",
+                    "title": "Read Throttle Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Read Throttle\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ReadThrottleEvents Statistic=sum | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7bb8c9c3bf64594d",
+                    "title": "Write Throttle Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Write Throttle\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=WriteThrottleEvents Statistic=sum | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-64a23ff7af69e845",
+                    "title": "Account Allotted Max Reads",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{metric}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{metric}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxReads Statistic=Average | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxTableLevelReads Statistic=Average | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2e19df1fbc923a4f",
+                    "title": "Account Allotted Max Writes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{metric}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{metric}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxWrites Statistic=Average | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": " region={{region}} namespace={{namespace}} account={{account}} metric=AccountMaxTableLevelWrites Statistic=Average | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8162C8AD9A9E3A43",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false,\"format\":\"text\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Read Capacity"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-75FFAE93B0AAC842",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222d3b\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Write Capacity"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS DynamoDB - Overview",
+            "description": "See the overview of your DynamoDB environment including the events, errors, requests, users, and latency.",
+            "title": "1. AWS DynamoDB - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-03afc899b83e3b40",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":11,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-8e0495858ee4a94d",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-3e2796b7b77b5940",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":11,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-e29e6cc9af5e4b42",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-0484a988b07b8844",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-59d508b6a02e1b47",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-f2957042aa078a4c",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-4b0d076ea131fb4f",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-379759c691e78b41",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-064f62b0b148db44",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-c0cb88ffbad6eb42",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-7180293892a2384f",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-4AD569BB8E29FA47",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":5,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-726F5B8B9BA0E847",
+                        "structure": "{\"height\":1,\"width\":11,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-9996244EB0D61943",
+                        "structure": "{\"height\":1,\"width\":13,\"x\":11,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-FC51C131BE15BB4A",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelPANE-0E41F8F3ABA0DB49",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-84030AF0BE6C5A41",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-03afc899b83e3b40",
+                    "title": "Average Write Capacity",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"% Write Capacity\",\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":100,\"color\":\"#b63010\"}],\"option\":\"Average\",\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true}},\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=AccountProvisionedWriteCapacityUtilization Statistic=Average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-8e0495858ee4a94d",
+                    "title": "User Errors",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"valueFontSize\":24,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":12,\"label\":\"User Errors\",\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"noDataString\":\"0\",\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=UserErrors Statistic=SampleCount | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3e2796b7b77b5940",
+                    "title": "System Errors",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"System Errors\",\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":12,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=SystemErrors Statistic=SampleCount | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e29e6cc9af5e4b42",
+                    "title": "Conditional Check Fails",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Check Fails\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#527b01\"},{\"from\":10,\"to\":20,\"color\":\"#b18209\"},{\"from\":20,\"to\":null,\"color\":\"#b63010\"}],\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":12,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=ConditionalCheckFailedRequests Statistic=SampleCount | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0484a988b07b8844",
+                    "title": "Transaction Conflicts",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Conflicts\",\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":12,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=TransactionConflict Statistic=SampleCount | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-59d508b6a02e1b47",
+                    "title": "Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"MilliSeconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=Average  | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f2957042aa078a4c",
+                    "title": "Successful Requests Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=SampleCount  | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4b0d076ea131fb4f",
+                    "title": "User and System Errors",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"User Errors - {{Account}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"System Errors - {{Account}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=UserErrors Statistic=SampleCount | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=SystemErrors Statistic=SampleCount  | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-379759c691e78b41",
+                    "title": "Events Over Time",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| timeslice 5m\n| count by EventName, _timeslice\n| transpose row _timeslice column EventName ",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-064f62b0b148db44",
+                    "title": "Top 10 Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as Count by ErrorCode, ErrorMessage\n| sort by Count\n| limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c0cb88ffbad6eb42",
+                    "title": "Top 5 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} Region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as Count by UserName\n| sort Count \n| limit 5",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7180293892a2384f",
+                    "title": "Average Read Capacity",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"hiddenQueryKeys\":[\"B\"],\"svp\":{\"option\":\"Average\",\"label\":\"% Read Capacity\",\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":100,\"color\":\"#b63010\"}],\"rounding\":2,\"valueFontSize\":20,\"labelFontSize\":8,\"noDataString\":\"\",\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} metric=AccountProvisionedReadCapacityUtilization Statistic=Average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4AD569BB8E29FA47",
+                    "title": "Top 5 Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} Region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as count by EventName\n| sort count \n| limit 5",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-726F5B8B9BA0E847",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222d3b\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Table Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9996244EB0D61943",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"textColor\":\"#222d3b\",\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Performance"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FC51C131BE15BB4A",
+                    "title": "Untitled",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222d3b\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Latency and Errors"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-0E41F8F3ABA0DB49",
+                    "title": "Throttled Requests",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} account={{account}} region={{region}} tablename={{tablename}} metric=ThrottledRequests Statistic=sum  | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-84030AF0BE6C5A41",
+                    "title": "Conditional Check Fails",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} tablename={{tablename}} metric=ConditionalCheckFailedRequests Statistic=SampleCount  | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS DynamoDB  - Latency and Errors",
+            "description": "See the details of errors and latency of your DynamoDB including the user error, system error, failed request, and latency.",
+            "title": "2. AWS DynamoDB  - Latency and Errors",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "tablename": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-1c57082ea2a7b94a",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-cb93c390b6c9e84c",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-565f9477bb219b49",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelpane-2ddf6d7cac068a4a",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":9}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-1c57082ea2a7b94a",
+                    "title": "Get Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"MilliSeconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{operation}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=Average (operation=*get* or operation=*scan* or operation=*query*) | sum by account, region, namespace, tablename, operation",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-cb93c390b6c9e84c",
+                    "title": "Put Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"MilliSeconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{operation}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} region={{region}} account={{account}} tablename={{tablename}} metric=SuccessfulRequestLatency Statistic=Average (operation=*update* or operation=*put* or operation=*delete* or operation=*write*) | sum by account, region, namespace, tablename, operation",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-565f9477bb219b49",
+                    "title": "Conditional Check Fail",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} tablename={{tablename}} metric=ConditionalCheckFailedRequests Statistic=SampleCount | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2ddf6d7cac068a4a",
+                    "title": "Transaction Conflict",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} tablename={{tablename}} metric=TransactionConflict Statistic=SampleCount | sum by account, region, namespace, tablename",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS DynamoDB - Events",
+            "description": "See the details on events in your DynamoDB including the location, users, errors, updates, creations, and deletions to tables.",
+            "title": "3. AWS DynamoDB - Events",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "tablename": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-86e1f420a9e24948",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-da8bb2b4afbc5948",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-45b8f26c8c98fa45",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-b8faa804b5a87b46",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-4c0728c1af8c2a4c",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-e435b2fb9dd53844",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-DE37191980FCE946",
+                        "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-86e1f420a9e24948",
+                    "title": "Top 5 Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":50,\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count by EventName\n| sort by _count, EventName asc\n| limit 5",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-da8bb2b4afbc5948",
+                    "title": "Events Over Time",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\" as EventName, Region, tablename, SourceIp, UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| timeslice 5m\n| count by EventName, _timeslice\n| transpose row _timeslice column EventName \n| fillmissing timeslice (5m)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-45b8f26c8c98fa45",
+                    "title": "Total Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#ffb5b5\"},{\"from\":10,\"to\":50,\"color\":\"#ff5d5d\"},{\"from\":50,\"to\":null,\"color\":\"#bf2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\") and !isEmpty(ErrorCode)\n| count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b8faa804b5a87b46",
+                    "title": "Top 10 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count as count by UserName\n| sort count \n| limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4c0728c1af8c2a4c",
+                    "title": "Top Errors",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"errorCode\", \"errorMessage\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, ErrorCode, ErrorMessage nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\") and !isEmpty(ErrorCode)\n| count as Count by ErrorCode, ErrorMessage, EventName, UserName, SourceIp\n| sort by Count\n| limit 20",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e435b2fb9dd53844",
+                    "title": "All Table Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\", \"requestParameters.keySchema\", \"requestParameters.attributeDefinitions\", \"userAgent\", \"responseElements.tableDescription.provisionedThroughput\", \"userIdentity.sessionContext.attributes.mfaAuthenticated\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName, TableSchema, AttributeDefinition, UserAgent, ProvisionedThroughput, MFAAuthenticated nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS\") as MessageDate\n| count as Count by MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated\n| sort by MessageDate\n| fields MessageDate, EventName, tablename, UserName, SourceIp, MFAAuthenticated",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-DE37191980FCE946",
+                    "title": "All Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| count by SourceIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = SourceIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS DynamoDB - Threat Intel",
+            "description": "See the details of IP threats including the count, location, and highly malicious IP threats.",
+            "title": "4. AWS DynamoDB - Threat Intel",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "tablename": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-3b762241ac0aba4d",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-c08479a8a0390b4d",
+                        "structure": "{\"height\":6,\"width\":16,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-b8ffc92b8b722a41",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-c605d948852ffb48",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-A3CC89D8BF50F949",
+                        "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-3b762241ac0aba4d",
+                    "title": "All IP Threat Count",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Threats\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c08479a8a0390b4d",
+                    "title": "Highly Malicious IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by SourceIp, tablename\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, tablename, Actor, LabelName\n| sort by ThreatCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b8ffc92b8b722a41",
+                    "title": "All IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c605d948852ffb48",
+                    "title": "Malicious Confidence",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by malicious_confidence\n| sort by _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A3CC89D8BF50F949",
+                    "title": "Threat Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"map\":{\"layerType\":\"Cluster\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where tolowercase(tablename) matches tolowercase(\"{{tablename}}\")\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by SourceIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = SourceIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/EC2-Metrics-App.json b/aws-observability-terraform/examples/aws-observability/json/EC2-Metrics-App.json
new file mode 100644
index 00000000..c6b64ac5
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/EC2-Metrics-App.json
@@ -0,0 +1,3241 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS EC2 Metrics",
+    "description": "The Sumo Logic App for AWS EC2 Metrics allows you to collect your EC2 instance metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of EC2 instance metrics for cpu, disk, memory, network.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS EC2 Metrics - Overview",
+            "description": "The AWS EC2 Metrics - Overview dashboard provides at-a-glance information about a EC2 CPU, memory, network and disk usage.",
+            "title": "1. AWS EC2 Metrics - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-b03ffbbdb0b59b4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-73159cd48a30e84d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-7c0398e384ef0b4b",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-2a01fd42b58b994e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-21f9df3286d4d843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":36}"
+                    },
+                    {
+                        "key": "panelpane-b0342f51a88b2a47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":36}"
+                    },
+                    {
+                        "key": "panelpane-2f4529faa0fcc94e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":42}"
+                    },
+                    {
+                        "key": "panelpane-909c4962a7e08843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":42}"
+                    },
+                    {
+                        "key": "panelpane-33b218968b91a845",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-481cfaaf957d7842",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-d3677624bfee3b41",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-cea7ffdeb458fb4e",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-33ac098a81186b4e",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-9d0a24618eef0a4e",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-1e29da5dbd267a45",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-2061037A94244A4B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-DE8ED3CB8CEBF849",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel2F40FE32B1ED8A48",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel092B86A6AF75C942",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelE292F5CA9886CA4E",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":18}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-b03ffbbdb0b59b4d",
+                    "title": "Average CPU Idle per Instance Type",
+                    "visualSettings": "{\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Average CPU Idle\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Idle account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg by instanceType",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-73159cd48a30e84d",
+                    "title": "Overall Average CPU Load (1m, 5m, 15m)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Average CPU Load\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"1 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"5 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"15 Minute Average CPU Load\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_1min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_5min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_15min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7c0398e384ef0b4b",
+                    "title": "Total Free System Memory per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Free Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Free | sum by instanceType",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2a01fd42b58b994e",
+                    "title": "Total Used, Less Buffers and Cached Memory per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Used Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualUsed | sum by instanceType",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-21f9df3286d4d843",
+                    "title": "Disk Used Bytes per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Disk Used Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Used | sum by instanceType",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b0342f51a88b2a47",
+                    "title": "Disk Available Bytes per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Disk Available Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Available | sum by instanceType",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2f4529faa0fcc94e",
+                    "title": "Network InByte Rate per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network InByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceType | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-909c4962a7e08843",
+                    "title": "Network OutByte Rate per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"wrap\":true,\"enabled\":true},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network OutByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceType | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33b218968b91a845",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-481cfaaf957d7842",
+                    "title": "Average Memory Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Average\",\"label\":\"% Memory Usage\",\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d3677624bfee3b41",
+                    "title": "Average Inbound Connection",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Average\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"label\":\"Connections\",\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= TCP_InboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-cea7ffdeb458fb4e",
+                    "title": "Average Outbound Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Connections\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= TCP_OutboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33ac098a81186b4e",
+                    "title": "Average Received Bytes",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"MB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Net_InBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9d0a24618eef0a4e",
+                    "title": "Average Sent Bytes",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"MB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Net_OutBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-1e29da5dbd267a45",
+                    "title": "Instance Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\",\"aggregationType\":\"latest\"},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Sys account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | eval(_value/_value) | quantize to 60m using count | count by instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2061037A94244A4B",
+                    "title": "Instances with High CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":60,\"color\":\"#28aa55\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | filter latest > 75 | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-DE8ED3CB8CEBF849",
+                    "title": "Instances with High Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":60,\"color\":\"#75bf00\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | filter latest > 75 | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2F40FE32B1ED8A48",
+                    "title": "Instances with Low CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":6,\"color\":\"#28aa55\"},{\"from\":6,\"to\":11,\"color\":\"#f6c851\"},{\"from\":11,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | filter latest <= 10 | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel092B86A6AF75C942",
+                    "title": "Instances with Low Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":6,\"color\":\"#75bf00\"},{\"from\":6,\"to\":11,\"color\":\"#f6c851\"},{\"from\":11,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | filter latest <= 10 | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE292F5CA9886CA4E",
+                    "title": "Average CPU Utilization by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Avg CPU Utilization\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} | avg by instancetype | topk(25, avg)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS EC2 Metrics - Summary",
+            "description": "The AWS EC2 Metrics - Summary dashboard provides at-a-glance information about a EC2 CPU, memory, network and disk usage.",
+            "title": "1. AWS EC2 Metrics - Summary",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-b03ffbbdb0b59b4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":5}"
+                    },
+                    {
+                        "key": "panelpane-73159cd48a30e84d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelpane-7c0398e384ef0b4b",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-2a01fd42b58b994e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-21f9df3286d4d843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelpane-b0342f51a88b2a47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":17}"
+                    },
+                    {
+                        "key": "panelpane-909c4962a7e08843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":23}"
+                    },
+                    {
+                        "key": "panelpane-33b218968b91a845",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-481cfaaf957d7842",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-d3677624bfee3b41",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-cea7ffdeb458fb4e",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-33ac098a81186b4e",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-9d0a24618eef0a4e",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel92B3F2A48B5DCA4F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":23}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-b03ffbbdb0b59b4d",
+                    "title": "CPU Idle Time",
+                    "visualSettings": "{\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Average CPU Idle\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Idle account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-73159cd48a30e84d",
+                    "title": "Overall Average CPU Load (1m, 5m, 15m)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Average CPU Load\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"1 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"5 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"15 Minute Average CPU Load\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_1min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_5min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_15min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7c0398e384ef0b4b",
+                    "title": "Total Free System Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Free Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Free | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2a01fd42b58b994e",
+                    "title": "Total Used, Less Buffers and Cached Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Used Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualUsed | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-21f9df3286d4d843",
+                    "title": "Disk Used Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Disk Used Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"instanceid={{instanceid}} dirname={{dirname}} devname={{devname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Used | sum by account, region, namespace, instanceid, dirname, devname",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b0342f51a88b2a47",
+                    "title": "Disk Available Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Disk Available Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"instanceid={{instanceid}} dirname={{dirname}} devname={{devname}}\"}}],\"color\":{\"family\":\"scheme7\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Available | sum by account, region, namespace, instanceid, dirname, devname",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-909c4962a7e08843",
+                    "title": "Network OutByte Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"wrap\":true,\"enabled\":true},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network OutByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33b218968b91a845",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=CPU_Total account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-481cfaaf957d7842",
+                    "title": "Memory Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Average\",\"label\":\"% Memory Usage\",\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d3677624bfee3b41",
+                    "title": "Inbound Connection",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Average\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"label\":\"Connections\",\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= TCP_InboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-cea7ffdeb458fb4e",
+                    "title": "Outbound Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Connections\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= TCP_OutboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33ac098a81186b4e",
+                    "title": "Received Bytes",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"MB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":1}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Net_InBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9d0a24618eef0a4e",
+                    "title": "Sent Bytes",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"MB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":1}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric= Net_OutBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel92B3F2A48B5DCA4F",
+                    "title": "Network InByte Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network InByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS EC2 Metrics - CPU",
+            "description": "The AWS EC2 Metrics - CPU dashboard provides details information about a EC2 CPU usage.",
+            "title": "2. AWS EC2 Metrics - CPU",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-b8fdf6e2b8c1d843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-faa47ec2a6e5d947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-c59320268cdb7a49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-88f4336192c38b49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-373635dab1b6b944",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-1902994c9e385941",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-29ddbf5e98aa884e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-46c987c099bacb4c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-b8fdf6e2b8c1d843",
+                    "title": "CPU User Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_User | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-faa47ec2a6e5d947",
+                    "title": "CPU Nice Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Nice | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c59320268cdb7a49",
+                    "title": "CPU Kernel Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Sys | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-88f4336192c38b49",
+                    "title": "CPU Time Servicing Interrupts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Irq | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-373635dab1b6b944",
+                    "title": "CPU Time Servicing SoftIrqs",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= CPU_SoftIrq | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-1902994c9e385941",
+                    "title": "CPU Idle Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Idle | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-29ddbf5e98aa884e",
+                    "title": "CPU Involuntary Wait Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= CPU_Stolen | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-46c987c099bacb4c",
+                    "title": "CPU IO Wait Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_IOWait | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS EC2 - Events",
+            "description": "The AWS EC2 Metrics - Audit Event Overview dashboard provides detailed insights into all events associated with EC2 instances and specifically helps identify changes, errors, and users",
+            "title": "3. AWS EC2 - Events",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-9A6827ADAFD40B48",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panel808FD9FD8BFB6846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}"
+                    },
+                    {
+                        "key": "panelPANE-F6D67170A3207848",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-55BA9CD690905848",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelE1BCBDE685FB3944",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-4D66006086774A44",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-829F6ADB86227949",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":39}"
+                    },
+                    {
+                        "key": "panel1DA5F9AA9C03F945",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":32}"
+                    },
+                    {
+                        "key": "panelPANE-C6B1C1249FED294C",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":23}"
+                    },
+                    {
+                        "key": "panel422C79CD944AC840",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":10}"
+                    },
+                    {
+                        "key": "panelB86F7C84926F1844",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panelABB275868F4B2A44",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelA10E415491CA1B4F",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-4B95C387A7D03B47",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":45}"
+                    },
+                    {
+                        "key": "panelF999E9E5A6591B41",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelC8228A47A6D3DA4D",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-4022F95385542A46",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":31}"
+                    },
+                    {
+                        "key": "panelD9E5828D86D12941",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":38}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-9A6827ADAFD40B48",
+                    "title": "Event Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by eventStatus\n| sort by _count, eventStatus asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel808FD9FD8BFB6846",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isBlank(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F6D67170A3207848",
+                    "title": "Successful Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-55BA9CD690905848",
+                    "title": "Events Types Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE1BCBDE685FB3944",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4D66006086774A44",
+                    "title": "Top 10 Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-829F6ADB86227949",
+                    "title": "Latest Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1DA5F9AA9C03F945",
+                    "title": "Latest Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C6B1C1249FED294C",
+                    "title": "Top 10 AssumedRole  Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as Count by user\n| sort by Count, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel422C79CD944AC840",
+                    "title": "Top Events Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as Count by event_name\n| sort by Count, event_name asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB86F7C84926F1844",
+                    "title": "Event Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\",  if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelABB275868F4B2A44",
+                    "title": "Events Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA10E415491CA1B4F",
+                    "title": "Top 10 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as Count by user\n| sort by Count, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4B95C387A7D03B47",
+                    "title": "Events from Known Malicious IP Addresses",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF999E9E5A6591B41",
+                    "title": "Failure Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isBlank(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8228A47A6D3DA4D",
+                    "title": "Top 10 User Agents",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as event_count by user_agent\n| sort by event_count, user_agent asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4022F95385542A46",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Successful Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelD9E5828D86D12941",
+                    "title": "Failure Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Failure Events"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS EC2 Metrics - Memory",
+            "description": "The AWS EC2 Metrics - Memory dashboard provides details information about a EC2 memory usage.",
+            "title": "3. AWS EC2 Metrics - Memory",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-efa308ec98ca9a47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-51fa4586b262ea45",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-f40f828787debb4b",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-f77ed3b9a7469a41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-14a8edc8a9082a44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-fd78c765b827f940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-efa308ec98ca9a47",
+                    "title": "Total Physical RAM",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Total | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-51fa4586b262ea45",
+                    "title": "Memory Free vs Used Percentage",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Used Percent - {{instanceid}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Free Percent - {{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_UsedPercent | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= Mem_FreePercent | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f40f828787debb4b",
+                    "title": "Total Free, Buffers and Cached Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualFree | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f77ed3b9a7469a41",
+                    "title": "Total Used, Less Buffers and Cached Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualUsed | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-14a8edc8a9082a44",
+                    "title": "Total Free Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Free | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fd78c765b827f940",
+                    "title": "Total Used Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Used | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS EC2 Metrics - Disk",
+            "description": "The AWS EC2 Metrics - Disk dashboard provides details information about a EC2 Disk usage.",
+            "title": "4. AWS EC2 Metrics - Disk",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-f5adc9cfa7ab084e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-fbbffe38bcd87a4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-74ec11c0b1d21845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-972ecae0a835ab49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-e941049387bcc843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-24a34d858564ca43",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-7940D0AEBE753846",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-A8BE6B8FB2B93A44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-f5adc9cfa7ab084e",
+                    "title": "Disk Used Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Used | sum by account, region, namespace, instanceid, dirname, devname",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fbbffe38bcd87a4d",
+                    "title": "Disk Available Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Available | sum by account, region, namespace, instanceid, dirname, devname",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-74ec11c0b1d21845",
+                    "title": "Disk Read Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Reads | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-972ecae0a835ab49",
+                    "title": "Disk Read Byte Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Byte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_ReadBytes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e941049387bcc843",
+                    "title": "Disk Write Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Writes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-24a34d858564ca43",
+                    "title": "Disk Write Byte Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Byte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_WriteBytes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-7940D0AEBE753846",
+                    "title": "File System Used Percent",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Percentage\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme7\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=Disk_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | sum by account, region, namespace, instanceid, dirname, devname",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A8BE6B8FB2B93A44",
+                    "title": "Disk Queue Operations",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Operations\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme7\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "metric=Disk_Queue account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | sum by account, region, namespace, instanceid, dirname, devname",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. AWS EC2 Metrics - Network",
+            "description": "The AWS EC2 Metrics - Network dashboard provides details information about a EC2 Network activities based on In and out packets, bytes.",
+            "title": "5. AWS EC2 Metrics - Network",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-aae783508eb33b4b",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-38312cc29dd88a45",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-256276e180045843",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelpane-f0bf2577bbe6ba48",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":9}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-aae783508eb33b4b",
+                    "title": "Network InPacket Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InPackets | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-38312cc29dd88a45",
+                    "title": "Network OutPacket Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutPackets | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-256276e180045843",
+                    "title": "Network InByte Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f0bf2577bbe6ba48",
+                    "title": "Network OutByte Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid | rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6. AWS EC2 Metrics - TCP",
+            "description": "The AWS EC2 Metrics - TCP dashboard provides details information about a EC2 connection details.",
+            "title": "6. AWS EC2 Metrics - TCP",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-17ee2e37b6eccb47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-c24a86f4a132b84c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-820b2a5db0d45848",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-d8ac2293bd568940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-ef64ec5dbc991840",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-35dcff5392216a4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-EC5685348CE70A41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-B10542A88EB87840",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-17ee2e37b6eccb47",
+                    "title": "Inbound Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_InboundTotal | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c24a86f4a132b84c",
+                    "title": "Outbound Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_OutboundTotal | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-820b2a5db0d45848",
+                    "title": "Listen Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Listen | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d8ac2293bd568940",
+                    "title": "Established Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Established | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ef64ec5dbc991840",
+                    "title": "CloseWait Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_CloseWait ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-35dcff5392216a4f",
+                    "title": "TimeWait Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_TimeWait | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EC5685348CE70A41",
+                    "title": "Idle Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme7\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Idle | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B10542A88EB87840",
+                    "title": "Close Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme7\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Close | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Ecs-App.json b/aws-observability-terraform/examples/aws-observability/json/Ecs-App.json
new file mode 100644
index 00000000..a4ba10ff
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Ecs-App.json
@@ -0,0 +1,1555 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "Amazon ECS",
+    "description": "Amazon Elastic Container Service is a scalable, container management service that is used to manage containers in a cluster. With dashboards for Amazon ECS, you can monitor capacity and resource utilization of ECS components as well as quickly identify changes made to your clusters to help with troubleshooting.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon ECS - Overview",
+            "description": "The Amazon ECS - Overview dashboard provides an overview of CPU and memory utilization across all your ECS clusters and services. The customer upon checking the dashboard can determine which services are high in utilization and accordingly make decisions for the ECS deployment.",
+            "title": "1. Amazon ECS - Overview",
+            "rootPanel": null,
+            "theme": "Dark",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ecs"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-DAD554E4A6BCC843",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-EB38C97F935BEB4A",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":5,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-3FF7DB0BB6188A4D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-1C688241A2863A4E",
+                        "structure": "{\"height\":6,\"width\":7,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-801680AAAF52094B",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-AD09413E82EF994D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-396C9FA3B219CB46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-808B8CCF8E42CA46",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-CFB9A6668E9A594A",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-D3471365951C1843",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":29}"
+                    },
+                    {
+                        "key": "panelPANE-B7B36B9A9840D94F",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":29}"
+                    },
+                    {
+                        "key": "panelPANE-6CF530B1B7B1384B",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-ECF7967481FEAB48",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panelPANE-80FE1A5C8372F84F",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":3,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-EDD9E06BB32AEA42",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":6,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-99CD4FA5B28B0B4C",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":9,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-85B7A6BEAF5ADB44",
+                        "structure": "{\"height\":11,\"width\":9,\"x\":15,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-FD79A27BA70C494E",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":5,\"y\":19}"
+                    },
+                    {
+                        "key": "panelPANE-36979C96A6014942",
+                        "structure": "{\"height\":10,\"width\":14,\"x\":10,\"y\":19}"
+                    },
+                    {
+                        "key": "panelPANE-3C55753791F5A84A",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":0,\"y\":24}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-DAD554E4A6BCC843",
+                    "title": "Clusters",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Maximum\",\"label\":\"Clusters\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} ClusterName={{clustername}} | sum by ClusterName, account, region, namespace | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EB38C97F935BEB4A",
+                    "title": "Running Tasks",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Latest\",\"label\":\"Tasks\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} Metric=CPUUtilization ClusterName={{clustername}} ServiceName={{servicename}} statistic=samplecount | sum by account, region, namespace, ClusterName, ServiceName | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "For more details refer - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html#cw_running_task_count",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3FF7DB0BB6188A4D",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{ClusterName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1C688241A2863A4E",
+                    "title": "Average Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{Clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-801680AAAF52094B",
+                    "title": "Average CPU Reservation Percentage",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{ClusterName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUReservation statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AD09413E82EF994D",
+                    "title": "Average Memory Reservation Percentage",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{ClusterName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryReservation statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-396C9FA3B219CB46",
+                    "title": "Average GPU Reservation Percentage",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=GPUReservation statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-808B8CCF8E42CA46",
+                    "title": "Clusters",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CFB9A6668E9A594A",
+                    "title": "Services",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-D3471365951C1843",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[{\"label\":\"ClusterName\",\"value\":\"ClusterName\"}],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{ServiceName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average ClusterName={{clustername}} ServiceName={{servicename}} | avg by ClusterName, ServiceName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B7B36B9A9840D94F",
+                    "title": "Average Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[{\"label\":\"ClusterName\",\"value\":\"ClusterName\"}],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{ServiceName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization statistic=Average ClusterName={{clustername}} ServiceName={{servicename}} | avg by ClusterName, ServiceName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6CF530B1B7B1384B",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average ClusterName={{clustername}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-ECF7967481FEAB48",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average ClusterName={{clustername}} ServiceName={{servicename}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-80FE1A5C8372F84F",
+                    "title": "Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":100,\"color\":\"#f36644\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization statistic=Average ClusterName={{clustername}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EDD9E06BB32AEA42",
+                    "title": "CPU Reservation",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUReservation statistic=Average ClusterName={{clustername}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-99CD4FA5B28B0B4C",
+                    "title": "Memory Reservation",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryReservation statistic=Average ClusterName={{clustername}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-85B7A6BEAF5ADB44",
+                    "title": "Cluster Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"CPU Utilization\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Memory Utilization\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average clustername={{clustername}} | avg by clustername, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization statistic=Average clustername={{clustername}} | avg by clustername, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FD79A27BA70C494E",
+                    "title": "Average Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization statistic=Average ClusterName={{clustername}} ServiceName={{servicename}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-36979C96A6014942",
+                    "title": "Service Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"CPU Utilization\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Memory Utilization\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average clustername={{clustername}} servicename={{servicename}} | avg by clustername, servicename, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": " account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization statistic=Average clustername={{clustername}} servicename={{servicename}} | avg by clustername, servicename, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3C55753791F5A84A",
+                    "title": "Services",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Maximum\",\"label\":\"Services\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} Metric=CPUUtilization ClusterName={{clustername}} ServiceName={{servicename}} | sum by account, region, namespace, ClusterName, ServiceName | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ecs",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "clustername",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "clustername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "servicename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} clustername={{clustername}}",
+                        "key": "servicename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon ECS - Resource Utilization",
+            "description": "The Amazon ECS - Resource Utilization dashboard provides trends around CPU and Memory utilization for clusters and services.",
+            "title": "1. Amazon ECS - Resource Utilization",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "clustername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ecs"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-94BC2597AC36CA44",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-901C72C995EC4849",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-C48D067689C74940",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-BB90A45AA5CD2A49",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelE89F489BBBF0694C",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel799EDF7AB2CEEA45",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-6A4FFE3F9C2DEB4A",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-94BC2597AC36CA44",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"CPU Utilization\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_ClusterName=duc-test metric=avg(CPUUtilization)\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization Statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-901C72C995EC4849",
+                    "title": "Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Memory Utilization\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization Statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C48D067689C74940",
+                    "title": "Clusters",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{},\"text\":{\"alignment\":\"left\",\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": " "
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BB90A45AA5CD2A49",
+                    "title": "Services",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelE89F489BBBF0694C",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"CPU Utilization\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_ClusterName=duc-test metric=avg(CPUUtilization)\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{servicename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization Statistic=Average ClusterName={{clustername}} ServiceName={{servicename}}  | avg by ClusterName, ServiceName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel799EDF7AB2CEEA45",
+                    "title": "Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Memory Utilization\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{servicename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MemoryUtilization Statistic=Average ClusterName={{clustername}} ServiceName={{servicename}} | avg by ClusterName, ServiceName, account, region, namespace ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6A4FFE3F9C2DEB4A",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"series\":{},\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "- **CPU Utilization**: The percentage of CPU units that are used in the cluster or service.\n\n- **Memory Utilization**: The percentage of memory that is used in the cluster or service.\n\nThese metrics are available for both ECS clusters and services.\n\nAll Amazon ECS services using the Fargate launch type are enabled for CloudWatch CPU and memory utilization metrics automatically.\n\nFor more information: [Amazon ECS CloudWatch metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html)"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ecs",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "clustername",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "clustername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "servicename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} clustername={{clustername}}",
+                        "key": "servicename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon ECS - Audit Events",
+            "description": "The Amazon ECS - Audit Events dashboard provides insights into changes to your ECS environment including top IAM users, locations of events. The dashboard also shows the created, updated, and deleted events with respect to time, along with the details for the top 10 AWS Identity and Access Management users, and the last 20 Container Registration and Deregistration Events.",
+            "title": "2. Amazon ECS - Audit Events",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ecs"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-0046E81E9A249843",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-427C14EE9B45894A",
+                        "structure": "{\"height\":7,\"width\":16,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-E843FEF9BA8C0940",
+                        "structure": "{\"height\":14,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-AADECF2BA524A849",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-CE26D0879923C84D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-ED48C03398FA5A43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-8CB9EAD38C680B49",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-B26EEFB0B50DEA41",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":26}"
+                    },
+                    {
+                        "key": "panelPANE-0F2D957EB8B8F94F",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-21449CD186C2AA40",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-C74F040CA8569A49",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-0046E81E9A249843",
+                    "title": "ECS Events by Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\"\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| count as event_count by event_name\n| sort by event_count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-427C14EE9B45894A",
+                    "title": "ECS Events Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\"\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| timeslice 1h\n| count as event_count by event_name, _timeslice\n| transpose row _timeslice column event_name ",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E843FEF9BA8C0940",
+                    "title": "Location of Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AADECF2BA524A849",
+                    "title": "Created ECS Resources",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"resource_type\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" (CreateCluster or CreateService or RegisterContainerInstance or RegisterTaskDefinition or RunTask)\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| parse regex field=event_name \"^(?:Create|Run|Register)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| count as event_count by resource_type | sort by event_count, resource_type asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CE26D0879923C84D",
+                    "title": "Deleted ECS Resources",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"resource_type\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" (DeleteCluster or DeleteService or DeregisterContainerInstance or DeregisterTaskDefinition or StopTask)\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| parse regex field=event_name \"^(?:Delete|Deregister|Stop)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| count as event_count by resource_type\n| sort by event_count, resource_type asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-ED48C03398FA5A43",
+                    "title": "ECS Resources Created Over Time",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" (CreateCluster or CreateService or RegisterContainerInstance or RegisterTaskDefinition or RunTask)\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| parse regex field=event_name \"^(?:Create|Run|Register)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| timeslice 1h\n| count as event_count by resource_type, _timeslice\n| transpose row _timeslice column resource_type",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8CB9EAD38C680B49",
+                    "title": "ECS Resources Deleted Over Time",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" (DeleteCluster or DeleteService or DeregisterContainerInstance or DeregisterTaskDefinition or StopTask) !(InternalFailure)\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| parse regex field=event_name \"^(?:Delete|Deregister|Stop)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| timeslice 1h\n| count as event_count by resource_type, _timeslice\n| transpose row _timeslice column resource_type",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26EEFB0B50DEA41",
+                    "title": "Last 20 Container Registration and Deregistration Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" (RegisterContainerInstance or DeregisterContainerInstance)\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\" and event_name in (\"RegisterContainerInstance\", \"DeregisterContainerInstance\")\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2_instanceid nodrop\n| parse regex field=event_name \"^(?<event>[Register|Deregister]+)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| timeslice 1s\n| count _timeslice, event, resource_type, region, clustername, ec2_instanceid\n| fields -_count\n| sort _timeslice\n| limit 20\n//| fields -_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-0F2D957EB8B8F94F",
+                    "title": "Top 10 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\"\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| count as event_count by user\n| sort by event_count \n| limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-21449CD186C2AA40",
+                    "title": "Updated ECS Resources",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"resource_type\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"showLabels\":true,\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" *update*\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\" and (event_name matches \"*Update*\" or event_name matches \"*update*\")\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| parse regex field=event_name \"^(?:Update)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| count as event_count by resource_type\n| sort by event_count, resource_type asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C74F040CA8569A49",
+                    "title": "ECS Resources Updated Over Time",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"showLabels\":true,\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Event Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}  \"\\\"eventSource\\\":\\\"ecs.amazonaws.com\\\"\" *update*\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"requestParameters\", \"sourceIPAddress\" as event_name, event_source, Region, requestParameters, src_ip nodrop\n| where event_source = \"ecs.amazonaws.com\" and event_name matches \"Update*\"\n| json field=requestParameters \"cluster\" as clustername nodrop\n| json field=requestParameters \"service\", \"serviceName\" as service, servicename nodrop | if (isBlank(service), servicename, service) as servicename\n| where tolowercase(clustername) matches tolowercase(\"{{clustername}}\")\n| parse \"\\\"userName\\\":\\\"*\\\"\" as user nodrop\n| parse \"\\\"ec2InstanceId\\\":\\\"*\\\"\" as ec2InstanceId nodrop\n| parse regex field=event_name \"^(?:Update)(?<resource_type>[A-Z][A-Za-z]+)\" nodrop\n| timeslice 1h\n| count by resource_type, _timeslice\n| transpose row _timeslice column resource_type",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ecs",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "clustername",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "clustername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon ECS - Resource Reservation",
+            "description": "The Amazon ECS - Resource Reservation dashboard provides detailed insights into the average reservation (units utilized) by CPU, Memory, and GPU for a given cluster.",
+            "title": "2. Amazon ECS - Resource Reservation",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "clustername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ecs"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-94BC2597AC36CA44",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-FDD23D15950FB848",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelPANE-901C72C995EC4849",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelPANE-F5D3FA22BB65C945",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-94BC2597AC36CA44",
+                    "title": "Average CPU Reservation",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"CPU Reservation\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUReservation Statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FDD23D15950FB848",
+                    "title": "Average Memory Reservation",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Memory Reservation\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MemoryReservation Statistic=Average ClusterName={{clustername}} | avg by ClusterName, account, region, namespace ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-901C72C995EC4849",
+                    "title": "Average GPU Reservation",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"GPU Reservation\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{clustername}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GPUReservation Statistic=Average ClusterName={{clustername}} | max by ClusterName, account, region, namespace ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F5D3FA22BB65C945",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"series\":{},\"text\":{\"alignment\":\"left\",\"format\":\"markdown\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "- **CPU Reservation**: The percentage of CPU units that are reserved by running tasks in the cluster.\n\n- **Memory Reservation**: The percentage of memory that is reserved by running tasks in the cluster.\n\n- **GPU Reservation**: The percentage of total available GPUs that are reserved by running tasks in the cluster.\n\nThese metrics are available for clusters only.\n\nFor more information: [Amazon ECS CloudWatch metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html)"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ecs",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "clustername",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "clustername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/ElastiCache-App.json b/aws-observability-terraform/examples/aws-observability/json/ElastiCache-App.json
new file mode 100644
index 00000000..79c72e22
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/ElastiCache-App.json
@@ -0,0 +1,4710 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "Amazon ElastiCache",
+    "description": "Amazon ElastiCache allows you to set up, run, and scale popular open-source compatible in-memory data stores in the cloud. \n\nThe Amazon ElastiCache dashboards provide visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics. The dashboards also have additional performance insights for Redis clusters.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon ElastiCache - Host Performance Details",
+            "description": "The Amazon ElastiCache - Host Performance Details dashboard shows an overview of the resource utilization for a given ElastiCache cluster across its nodes and also showcases trends around CPU, memory, swap usage and network traffic.",
+            "title": "1. Amazon ElastiCache - Host Performance Details",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "cacheclusterid": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-1161D6DCA0CF2842",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panel013CB3A4B9DC3A4C",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":26}"
+                    },
+                    {
+                        "key": "panelFE6ADF0195E64842",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panelA3C245028BD9D843",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":26}"
+                    },
+                    {
+                        "key": "panelA26E1E6397AB7B42",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":5}"
+                    },
+                    {
+                        "key": "panel3C352A88A33C0A4E",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panel3C01D90E9E2B7B4D",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panel84447385941EF844",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-436BAC5F8F71C844",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-1161D6DCA0CF2842",
+                    "title": "Network Packets In",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Packets\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel013CB3A4B9DC3A4C",
+                    "title": "Network Packets Out",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Packets\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelFE6ADF0195E64842",
+                    "title": "Network Bytes In",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheClusterId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA3C245028BD9D843",
+                    "title": "Network Bytes Out",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA26E1E6397AB7B42",
+                    "title": "Freeable Memory (GB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"GB\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=FreeableMemory statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace | eval _value / (1024 * 1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3C352A88A33C0A4E",
+                    "title": "Swap Usage (MB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"MB\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SwapUsage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace | eval _value / (1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3C01D90E9E2B7B4D",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Percent\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel84447385941EF844",
+                    "title": "Engine CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Percent\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-436BAC5F8F71C844",
+                    "title": "Cluster and Node Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"CPU Utilization\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Freeable Memory (GB)\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Engine CPU Utilization\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=FreeableMemory statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region | eval _value / (1024 * 1024 * 1024) ",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon ElastiCache - Host Performance Overview",
+            "description": "The Amazon ElastiCache - Host Performance Overview dashboard provides detailed insights into CPU, memory and network performance metrics of hosts running your ElastiCache clusters.",
+            "title": "1. Amazon ElastiCache - Host Performance Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-DAD554E4A6BCC843",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":15,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-3FF7DB0BB6188A4D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-AD09413E82EF994D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-6CF530B1B7B1384B",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-80FE1A5C8372F84F",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":6,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-EDD9E06BB32AEA42",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":3,\"y\":0}"
+                    },
+                    {
+                        "key": "panel989CF605A88D3844",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":21,\"y\":0}"
+                    },
+                    {
+                        "key": "panel64548DCEB83D194D",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":18,\"y\":0}"
+                    },
+                    {
+                        "key": "panelF38FB8BA80FD884B",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":9,\"y\":0}"
+                    },
+                    {
+                        "key": "panelD6156E21B17CA94F",
+                        "structure": "{\"height\":5,\"width\":3,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-DE9EBFD69FD53A46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panel4A4045BBA3228A4F",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":11}"
+                    },
+                    {
+                        "key": "panel608F10C3A9631A40",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":17}"
+                    },
+                    {
+                        "key": "panel622549C5B893994A",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":17}"
+                    },
+                    {
+                        "key": "panel0E86E8BAA74A8842",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panel8E23238D95CBF942",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":11}"
+                    },
+                    {
+                        "key": "panelF634964B97D8CB4B",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":5}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-DAD554E4A6BCC843",
+                    "title": "Bytes In",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"GB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / (1024 * 1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3FF7DB0BB6188A4D",
+                    "title": "Average Engine CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AD09413E82EF994D",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6CF530B1B7B1384B",
+                    "title": "Avg CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#16943E\"},{\"from\":75,\"to\":85,\"color\":\"#DFBE2E\"},{\"from\":85,\"to\":101,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-80FE1A5C8372F84F",
+                    "title": "Avg Free Memory (GB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"GB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=FreeableMemory statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg | eval _value / (1024 * 1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EDD9E06BB32AEA42",
+                    "title": "Avg Engine CPU Utilization ",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#16943E\"},{\"from\":75,\"to\":85,\"color\":\"#DFBE2E\"},{\"from\":85,\"to\":101,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel989CF605A88D3844",
+                    "title": "Swap Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"MB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SwapUsage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg | eval _value / (1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel64548DCEB83D194D",
+                    "title": "Bytes Out",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"GB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / (1024 * 1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF38FB8BA80FD884B",
+                    "title": "Packets In",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Million\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / 1000000",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD6156E21B17CA94F",
+                    "title": "Packets Out",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Million\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / 1000000",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-DE9EBFD69FD53A46",
+                    "title": "Bytes In - Today Vs Yesterday",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "((#A-#B)/#B)*100",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4A4045BBA3228A4F",
+                    "title": "Bytes Out - Today Vs Yesterday",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "((#A-#B)/#B)*100",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel608F10C3A9631A40",
+                    "title": "Net Difference of In and Out (Packets) Network Traffic",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_metric=sum(NetworkPacketsIn)\":{\"visible\":true},\"B_metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true},\"C_A.metric=sum(NetworkPacketsIn) metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"PacketsIn\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"PacketsOut\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Net Difference\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#B - #A",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel622549C5B893994A",
+                    "title": "Packets Out - Today Vs Yesterday",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "((#A-#B)/#B)*100",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0E86E8BAA74A8842",
+                    "title": "Packets In - Today Vs Yesterday",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "((#A-#B)/#B)*100",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8E23238D95CBF942",
+                    "title": "Net Difference of In and Out (Bytes) Network Traffic",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_metric=sum(NetworkPacketsIn)\":{\"visible\":true},\"B_metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true},\"C_A.metric=sum(NetworkPacketsIn) metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"BytesIn\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"BytesOut\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Net Difference\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#B - #A",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF634964B97D8CB4B",
+                    "title": "Swap Usage (MB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":25,\"color\":\"#75bf00\"},{\"from\":25,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"max\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SwapUsage statistic=Maximum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | max by account, region, namespace, CacheClusterId, CacheNodeId | eval _value / (1024 * 1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon ElastiCache - Audit Event Overview",
+            "description": "The Amazon ElastiCache - Audit Event Overview dashboard provides detailed insights into all events associated with ElastiCache clusters and specifically helps identify changes, errors, users and replication groups.",
+            "title": "2. Amazon ElastiCache - Audit Event Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-9A6827ADAFD40B48",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel808FD9FD8BFB6846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-F6D67170A3207848",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-55BA9CD690905848",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panelE1BCBDE685FB3944",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":29}"
+                    },
+                    {
+                        "key": "panelPANE-4D66006086774A44",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":6,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-829F6ADB86227949",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":29}"
+                    },
+                    {
+                        "key": "panel1DA5F9AA9C03F945",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-9D1136C884776B4C",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-C6B1C1249FED294C",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel422C79CD944AC840",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panelB86F7C84926F1844",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":6,\"y\":5}"
+                    },
+                    {
+                        "key": "panelABB275868F4B2A44",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":10}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-9A6827ADAFD40B48",
+                    "title": "Event Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by eventStatus\n| sort by _count, eventStatus asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel808FD9FD8BFB6846",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F6D67170A3207848",
+                    "title": "Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-55BA9CD690905848",
+                    "title": "Events Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE1BCBDE685FB3944",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4D66006086774A44",
+                    "title": "Top 10 Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count as Count by error_code | sort by Count, error_code asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-829F6ADB86227949",
+                    "title": "Failed Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, engine, engine_version\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1DA5F9AA9C03F945",
+                    "title": "Successful Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, engine, engine_version\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9D1136C884776B4C",
+                    "title": "Top 10 ReplicationGroupId's",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" replicationGroupId\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" \n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| where !isEmpty(replicationgroupid)\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| res_status as Status\n| count as Count by replicationgroupid | sort by Count, replicationgroupid asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C6B1C1249FED294C",
+                    "title": "Top 10 Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count as Count by type, user\n| sort by Count, type asc, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel422C79CD944AC840",
+                    "title": "Events by User",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by user, event_name\n| transpose row user column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB86F7C84926F1844",
+                    "title": "Event Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| if (event_name matches \"*Describe*\" or event_name matches \"*List*\", \"ReadOnly\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"*List*\"), \"Update\", \"Unkown\")) as EventType\n| where EventType<>\"Unknown\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by EventType",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelABB275868F4B2A44",
+                    "title": "Events Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1h\n| count by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon ElastiCache - Redis Performance Details",
+            "description": "The Amazon ElastiCache - Redis Performance Details dashboard provides detailed insights into cache hits, keys, replication, connections and failures of Redis ElastiCache clusters.",
+            "title": "2. Amazon ElastiCache - Redis Performance Details",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "cacheclusterid": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-3A698F8A9F87D943",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":8,\"y\":10}"
+                    },
+                    {
+                        "key": "panel4B06F578B4BFEA4B",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelD3510977A9100B4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panel45FB62658515F940",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panel4C36770FB66C0A41",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":8,\"y\":15}"
+                    },
+                    {
+                        "key": "panel2F33FBF99B938942",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":8,\"y\":5}"
+                    },
+                    {
+                        "key": "panelA7D4B21DAC6ECA4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10}"
+                    },
+                    {
+                        "key": "panel531765FA95966846",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":15}"
+                    },
+                    {
+                        "key": "panel4900BEC9B252BB4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelD94772A7BD6BD941",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelEEE8CD57BDA0B840",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":8,\"y\":20}"
+                    },
+                    {
+                        "key": "panel4190B757A8B60B4E",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":5}"
+                    },
+                    {
+                        "key": "panel8CD5BE7AB40B3840",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panel7B6650EFB77E4847",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panel322681E79C3C2A4A",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":20}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-3A698F8A9F87D943",
+                    "title": "Background Save Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Save In Progress\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SaveInProgress statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4B06F578B4BFEA4B",
+                    "title": "Cache Hits",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Hits\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheHits statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD3510977A9100B4C",
+                    "title": "Cache Misses",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Misses\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheMisses statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel45FB62658515F940",
+                    "title": "Active Defrag Hits",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Hits\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ActiveDefragHits statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4C36770FB66C0A41",
+                    "title": "Replication Bytes - Primary to Replicas",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ReplicationBytes statistic=average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2F33FBF99B938942",
+                    "title": "Master Link Health Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Health Status\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MasterLinkHealthStatus statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": " Primary node sync status with Redis on EC2",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA7D4B21DAC6ECA4C",
+                    "title": "Reclaimed - Key Expiration Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Keys\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=Reclaimed statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel531765FA95966846",
+                    "title": "Keys Tracked by Redis",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Keys\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeysTracked statistic=Maximum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | max by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4900BEC9B252BB4C",
+                    "title": "Key - Time To Live",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=DB0AverageTTL statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD94772A7BD6BD941",
+                    "title": "Number of Current Client Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Connections\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CurrConnections statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelEEE8CD57BDA0B840",
+                    "title": "Replication Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Seconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ReplicationLag statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4190B757A8B60B4E",
+                    "title": "Keys Evicted Due To Max Memory Limit",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Keys\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=Evictions statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8CD5BE7AB40B3840",
+                    "title": "New Connections Accepted By Server",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Connections\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NewConnections statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7B6650EFB77E4847",
+                    "title": "Items in Cache",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Items\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CurrItems statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel322681E79C3C2A4A",
+                    "title": "Authentication and Authorization Failures",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Failures\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*Failures statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon ElastiCache - Redis Command Latency",
+            "description": "The Amazon ElastiCache - Redis Command Latency dashboard provides detailed insights into latency of various Redis commands.",
+            "title": "3. Amazon ElastiCache - Redis Command Latency",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "cacheclusterid": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-DAD554E4A6BCC843",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-80FE1A5C8372F84F",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panel989CF605A88D3844",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panel2439E90A96110842",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":5}"
+                    },
+                    {
+                        "key": "panelB9A9D10FBAA24946",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panel8855326E87766846",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panel5C5F34089624DB45",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel213A8089AD47DB49",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panel68FD6E1FADC27840",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panel0A8F5410B2A40A47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panel99529F87A22CD940",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel509CEF36B7C8AB4B",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panel63CB5EBC9B50D943",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-3A698F8A9F87D943",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":0}"
+                    },
+                    {
+                        "key": "panel4B06F578B4BFEA4B",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panel85BF423289A9A849",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":5}"
+                    },
+                    {
+                        "key": "panelD3510977A9100B4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":5}"
+                    },
+                    {
+                        "key": "panel26A5E8FFADB40B43",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":10}"
+                    },
+                    {
+                        "key": "panel45FB62658515F940",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10}"
+                    },
+                    {
+                        "key": "panel8B618144B3D12B4F",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":15}"
+                    },
+                    {
+                        "key": "panelF21A4871A2A5EA43",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":20}"
+                    },
+                    {
+                        "key": "panel27C8934BB5EF8B4F",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":25}"
+                    },
+                    {
+                        "key": "panel4C36770FB66C0A41",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":30}"
+                    },
+                    {
+                        "key": "panel2F33FBF99B938942",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":15}"
+                    },
+                    {
+                        "key": "panelA7D4B21DAC6ECA4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":20}"
+                    },
+                    {
+                        "key": "panel531765FA95966846",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":25}"
+                    },
+                    {
+                        "key": "panelF914B054A0E02B48",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":30}"
+                    },
+                    {
+                        "key": "panel4900BEC9B252BB4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":30}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-DAD554E4A6BCC843",
+                    "title": "Key Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-80FE1A5C8372F84F",
+                    "title": "String Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel989CF605A88D3844",
+                    "title": "Set Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2439E90A96110842",
+                    "title": "Set Type Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB9A9D10FBAA24946",
+                    "title": "Get Type Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8855326E87766846",
+                    "title": "List Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5C5F34089624DB45",
+                    "title": "Hash Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel213A8089AD47DB49",
+                    "title": "SortedSet Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel68FD6E1FADC27840",
+                    "title": "HyperLogLog Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0A8F5410B2A40A47",
+                    "title": "Stream Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel99529F87A22CD940",
+                    "title": "Eval Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmdsLatency statistic=average CacheClusterId={{CacheClusterId}}  CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel509CEF36B7C8AB4B",
+                    "title": "GeoSpatial Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel63CB5EBC9B50D943",
+                    "title": "PubSub Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3A698F8A9F87D943",
+                    "title": "Eval Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4B06F578B4BFEA4B",
+                    "title": "Hash Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel85BF423289A9A849",
+                    "title": "Get Type Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD3510977A9100B4C",
+                    "title": "Set Type Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel26A5E8FFADB40B43",
+                    "title": "Key Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel45FB62658515F940",
+                    "title": "String Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8B618144B3D12B4F",
+                    "title": "PubSub Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF21A4871A2A5EA43",
+                    "title": "Set Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27C8934BB5EF8B4F",
+                    "title": "SortedSet Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4C36770FB66C0A41",
+                    "title": "GeoSpatial Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2F33FBF99B938942",
+                    "title": "HyperLogLog Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA7D4B21DAC6ECA4C",
+                    "title": "List Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel531765FA95966846",
+                    "title": "Stream Based Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF914B054A0E02B48",
+                    "title": "All *Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Microseconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*CmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4900BEC9B252BB4C",
+                    "title": "All *Cmds Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Microseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*CmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon ElastiCache - Redis Performance Overview",
+            "description": "The Amazon ElastiCache - Redis Performance Overview dashboard provides an overview into performance, evictions and authentication and authorization failures of ElastiCache Redis clusters.",
+            "title": "3. Amazon ElastiCache - Redis Performance Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-DAD554E4A6BCC843",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":17}"
+                    },
+                    {
+                        "key": "panelPANE-3FF7DB0BB6188A4D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-1C688241A2863A4E",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-801680AAAF52094B",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-AD09413E82EF994D",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-396C9FA3B219CB46",
+                        "structure": "{\"height\":12,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-6CF530B1B7B1384B",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-80FE1A5C8372F84F",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":17}"
+                    },
+                    {
+                        "key": "panelPANE-EDD9E06BB32AEA42",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-99CD4FA5B28B0B4C",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panel344E0AB5B863A84E",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panel989CF605A88D3844",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":17}"
+                    },
+                    {
+                        "key": "panel2439E90A96110842",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":17}"
+                    },
+                    {
+                        "key": "panelB9A9D10FBAA24946",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panel8855326E87766846",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panel5C5F34089624DB45",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":12}"
+                    },
+                    {
+                        "key": "panelDFA21075A50A1943",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":17}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-DAD554E4A6BCC843",
+                    "title": "Current Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Connections\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CurrConnections statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3FF7DB0BB6188A4D",
+                    "title": "Engine CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1C688241A2863A4E",
+                    "title": "Database Memory Usage Percentage",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":85,\"color\":\"#75bf00\"},{\"from\":85,\"to\":95,\"color\":\"#f6c851\"},{\"from\":95,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=DatabaseMemoryUsagePercentage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-801680AAAF52094B",
+                    "title": "Replica Lag (seconds)",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":3,\"color\":\"#75bf00\"},{\"from\":3,\"to\":5,\"color\":\"#f6c851\"},{\"from\":5,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ReplicationLag statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AD09413E82EF994D",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#75bf00\"},{\"from\":75,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-396C9FA3B219CB46",
+                    "title": "Cache Hit Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":85,\"to\":100,\"color\":\"#75bf00\"},{\"from\":80,\"to\":85,\"color\":\"#f6c851\"},{\"from\":0,\"to\":80,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheHitRate statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6CF530B1B7B1384B",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#16943E\"},{\"from\":75,\"to\":85,\"color\":\"#DFBE2E\"},{\"from\":85,\"to\":101,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-80FE1A5C8372F84F",
+                    "title": "Authentication Failures",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Failures\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#16943E\"},{\"from\":5,\"to\":10,\"color\":\"#DFBE2E\"},{\"from\":10,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=AuthenticationFailures statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EDD9E06BB32AEA42",
+                    "title": "Engine CPU Utilization ",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#16943E\"},{\"from\":75,\"to\":85,\"color\":\"#DFBE2E\"},{\"from\":85,\"to\":101,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-99CD4FA5B28B0B4C",
+                    "title": "Database Memory Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#16943E\"},{\"from\":75,\"to\":85,\"color\":\"#DFBE2E\"},{\"from\":85,\"to\":101,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=DatabaseMemoryUsagePercentage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel344E0AB5B863A84E",
+                    "title": "Cache Hit Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#16943E\"},{\"from\":75,\"to\":85,\"color\":\"#DFBE2E\"},{\"from\":0,\"to\":75,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false},\"gauge\":{\"show\":true}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheHitRate statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel989CF605A88D3844",
+                    "title": "Key Authorization Failures",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Failures\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#16943E\"},{\"from\":5,\"to\":10,\"color\":\"#DFBE2E\"},{\"from\":10,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyAuthorizationFailures statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | Sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2439E90A96110842",
+                    "title": "Evictions",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Evictions\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=Evictions statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB9A9D10FBAA24946",
+                    "title": "New Connections",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Connections\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NewConnections statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8855326E87766846",
+                    "title": "Memory Fragmentation Ratio",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Ratio\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":1,\"to\":1.5,\"color\":\"#16943E\"},{\"from\":0,\"to\":1,\"color\":\"#DFBE2E\"},{\"from\":1.5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MemoryFragmentationRatio statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5C5F34089624DB45",
+                    "title": "Bytes Used For Cache",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"GB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#16943E\"},{\"from\":0.5,\"to\":1,\"color\":\"#DFBE2E\"},{\"from\":0,\"to\":0.5,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=BytesUsedForCache statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / (1024*1024*1024)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDFA21075A50A1943",
+                    "title": "Command Authorization Failures",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Failures\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#16943E\"},{\"from\":5,\"to\":10,\"color\":\"#DFBE2E\"},{\"from\":10,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CommandAuthorizationFailures statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. Amazon ElastiCache - Audit Event Details",
+            "description": "The Amazon ElastiCache - Audit Event Details dashboard provides detailed insights into key operations made on your ElastiCache clusters.",
+            "title": "4. Amazon ElastiCache - Audit Event Details",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-4C321E5190BBC948",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelE8A325FDA251DB4E",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel8DB1C189BCAC284A",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panelD63592089E8E5A4A",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0,\"minHeight\":3,\"minWidth\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-4C321E5190BBC948",
+                    "title": "Create, Add, Increase ElastiCache Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Create* or CreateCacheCluster or CacheClusterProvisioningComplete or AddCacheNodeComplete or IncreaseReplicaCount)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Create*\" or event_name in (\"CreateCacheCluster\", \"CacheClusterProvisioningComplete\", \"AddCacheNodeComplete\", \"IncreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"cacheSubnetGroupName\", \"vpcId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, cachesubnetgroupname, vpcid, snapshotretentionlimit nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, cachesubnetgroupname, vpcid, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, cachesubnetgroupname, vpcid, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE8A325FDA251DB4E",
+                    "title": "Modify ElastiCache Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Modify* or ModifyCacheCluster or CacheClusterParametersChanged or CacheClusterScalingComplete or CacheClusterSecurityGroupModified or IncreaseReplicaCount or DecreaseReplicaCount)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Modify*\" or event_name in (\"ModifyCacheCluster\", \"CacheClusterParametersChanged\", \"CacheClusterScalingComplete\", \"CacheClusterSecurityGroupModified\", \"IncreaseReplicaCount\", \"DecreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, snapshotretentionlimit nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8DB1C189BCAC284A",
+                    "title": "Delete, Remove, Decrease, Revoke, Reset ElastiCache Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Delete* or Remove* or Decrease* or RemoveCacheNodeComplete or DeleteCacheClusterComplete or DecreaseReplicaCount or Revoke* or Reset*)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Delete*\" or event_name matches \"Remove*\" or event_name matches \"Decrease*\" or event_name matches \"Revoke*\" or event_name matches \"Reset*\" or event_name in (\"RemoveCacheNodeComplete\", \"DeleteCacheClusterComplete\", \"DecreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, snapshotretentionlimit  nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid //, engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid //, engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD63592089E8E5A4A",
+                    "title": "Node Reboot ElastiCache Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Reboot* or CacheNodesRebooted)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Reboot*\" or event_name=\"CacheNodesRebooted\")\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"res_cacheClusterStatus\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, res_cacheClusterStatus, snapshotretentionlimit  nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| eventStatus as status\n| where tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. Amazon ElastiCache - Redis Command Stats",
+            "description": "The Amazon ElastiCache - Redis Command Stats dashboard provides detailed insights into the number of commands being performed.",
+            "title": "4. Amazon ElastiCache - Redis Command Stats",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "cacheclusterid": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-DAD554E4A6BCC843",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-80FE1A5C8372F84F",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panel989CF605A88D3844",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panel2439E90A96110842",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":5}"
+                    },
+                    {
+                        "key": "panelB9A9D10FBAA24946",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panel8855326E87766846",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panel5C5F34089624DB45",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel213A8089AD47DB49",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panel68FD6E1FADC27840",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panel0A8F5410B2A40A47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panel99529F87A22CD940",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel509CEF36B7C8AB4B",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panel63CB5EBC9B50D943",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-3A698F8A9F87D943",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":0}"
+                    },
+                    {
+                        "key": "panel4B06F578B4BFEA4B",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panel85BF423289A9A849",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":5}"
+                    },
+                    {
+                        "key": "panelD3510977A9100B4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":5}"
+                    },
+                    {
+                        "key": "panel26A5E8FFADB40B43",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":10}"
+                    },
+                    {
+                        "key": "panel45FB62658515F940",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10}"
+                    },
+                    {
+                        "key": "panel8B618144B3D12B4F",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":15}"
+                    },
+                    {
+                        "key": "panelF21A4871A2A5EA43",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":15,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel27C8934BB5EF8B4F",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":15,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel4C36770FB66C0A41",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":4,\"y\":15,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel2F33FBF99B938942",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panelA7D4B21DAC6ECA4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel531765FA95966846",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panelF914B054A0E02B48",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":25,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel4900BEC9B252BB4C",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":16,\"y\":10,\"minHeight\":3,\"minWidth\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-DAD554E4A6BCC843",
+                    "title": "Key Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-80FE1A5C8372F84F",
+                    "title": "String Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel989CF605A88D3844",
+                    "title": "Set Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2439E90A96110842",
+                    "title": "Set Type Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB9A9D10FBAA24946",
+                    "title": "Get Type Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8855326E87766846",
+                    "title": "List Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5C5F34089624DB45",
+                    "title": "Hash Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel213A8089AD47DB49",
+                    "title": "Sorted Set Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel68FD6E1FADC27840",
+                    "title": "HyperLogLog Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0A8F5410B2A40A47",
+                    "title": "Stream Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel99529F87A22CD940",
+                    "title": "Eval Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel509CEF36B7C8AB4B",
+                    "title": "Geospatial Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel63CB5EBC9B50D943",
+                    "title": "PubSub Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3A698F8A9F87D943",
+                    "title": "Eval Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4B06F578B4BFEA4B",
+                    "title": "Hash Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel85BF423289A9A849",
+                    "title": "Get Type Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD3510977A9100B4C",
+                    "title": "Set Type Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel26A5E8FFADB40B43",
+                    "title": "Key Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel45FB62658515F940",
+                    "title": "String Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8B618144B3D12B4F",
+                    "title": "PubSub Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF21A4871A2A5EA43",
+                    "title": "Set Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27C8934BB5EF8B4F",
+                    "title": "Sorted Set Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4C36770FB66C0A41",
+                    "title": "Geospatial Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2F33FBF99B938942",
+                    "title": "HyperLogLog Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA7D4B21DAC6ECA4C",
+                    "title": "List Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel531765FA95966846",
+                    "title": "Stream Based Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF914B054A0E02B48",
+                    "title": "All *Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Commands\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*Cmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4900BEC9B252BB4C",
+                    "title": "All *Cmds",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Commands\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*Cmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "cacheclusterid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "cachenodeid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Lambda-App.json b/aws-observability-terraform/examples/aws-observability/json/Lambda-App.json
new file mode 100644
index 00000000..7ca3d211
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Lambda-App.json
@@ -0,0 +1,3195 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS Lambda",
+    "description": "The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Metrics and the CloudTrail Lambda Data Events to visualize the operational and performance trends in all the Lambda functions in your account. The preconfigured dashboards provide insights into executions such as memory and duration usage by function versions or aliases, errors, billed duration, function callers, IAM users, and threat details.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Lambda - Overview",
+            "description": "The AWS Lambda - Overview dashboard provides intuitive insights with CloudWatch Lambda metrics, CloudTrail audit logs for Lambda, as well as  Lambda logs to give you an at-a-glance view of actions, performance, and health of your AWS Lambda functions.",
+            "title": "1. AWS Lambda - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-003c8b8f895dbb44",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":6,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-8e03665b8cdca84a",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-ca5a7c80a6581847",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-3607a1da9980c849",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":18,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-3aa7297fa4a29944",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":18,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-bae35066b5b60848",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-f03235ddbab6fa4b",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panelpane-02614a9cbadabb4e",
+                        "structure": "{\"height\":6,\"width\":3,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-58fe78d0978b6843",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelpane-9661a24080cb7a43",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-d4d18b06ac340b4d",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-2c1355a7927f8946",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-d9f052d8a3216943",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":15,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-10f4e6b2b578c949",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":43}"
+                    },
+                    {
+                        "key": "panelpane-d93f12b480302940",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":50}"
+                    },
+                    {
+                        "key": "panelpane-6a76b586aaa6eb44",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":50}"
+                    },
+                    {
+                        "key": "panelpane-6dcf5bbf91746849",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":43}"
+                    },
+                    {
+                        "key": "panelPANE-2E7EA641BAAB3A42",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-32972729B258184D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
+                    },
+                    {
+                        "key": "panelPANE-F3CF4036807F6A48",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":35}"
+                    },
+                    {
+                        "key": "panelPANE-7CDE0CEA8CE70A4E",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-E8769C639BAF1947",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":42}"
+                    },
+                    {
+                        "key": "panelPANE-646319CAA0B03A4E",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":28}"
+                    },
+                    {
+                        "key": "panelA75FF450AE9AAB4D",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":35}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-003c8b8f895dbb44",
+                    "title": "Top IAM Users Using Lambda Functions",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"bar\"},\"legend\":{\"enabled\":false},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" IAMUser account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Invocations by caller\n| top 10 caller by Invocations",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-8e03665b8cdca84a",
+                    "title": "Invocations - Today vs Yesterday vs Last Week",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Invocations\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift -1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift -7d ",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ca5a7c80a6581847",
+                    "title": "Errors - Today vs Yesterday vs Last Week",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Errors\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Last Week\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3607a1da9980c849",
+                    "title": "Duration - Today vs Yesterday vs Last Week",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Last Week\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Duration statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Duration statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Duration statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3aa7297fa4a29944",
+                    "title": "Throttling - Today vs Yesterday vs Last Week",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Avg Throttling Events\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Last Week\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Throttles statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Throttles statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Throttles statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-bae35066b5b60848",
+                    "title": "Top Functions by Duration",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\",\"decimals\":2},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| sum(Duration) as %\"Total Duration\", avg(Duration) as %\"Avg Duration\", count as Invocations by functionname\n| top 10 functionname by %\"Avg Duration\", %\"Total Duration\", Invocations\n| format( \"%.2f\",%\"Avg Duration\") as %\"Avg Duration\"\n| format( \"%.2f\",%\"Total Duration\") as %\"Total Duration\"",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f03235ddbab6fa4b",
+                    "title": "Top Functions by Memory Used",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\",\"aggregationType\":\"max\",\"fontSize\":12,\"paginationPageSize\":100},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used Size\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| max(MaxMemoryUsed) as MaxMemoryUsed, avg(MemorySize) as AvgMemorySize by functionname\n| top 10 functionname by MaxMemoryUsed, functionname asc, AvgMemorySize",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-02614a9cbadabb4e",
+                    "title": "Function Errors",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Errors\",\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":\"1\",\"to\":\"5\",\"color\":\"#DFBE2E\"},{\"from\":\"5\",\"to\":null,\"color\":\"#BF2121\"}],\"option\":\"Sum\",\"labelFontSize\":10,\"noDataString\":\"0\",\"rounding\":0},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(errorMessage or ERROR or CRITICAL) account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-58fe78d0978b6843",
+                    "title": "Allocated Memory vs Used Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"bar\",\"displayType\":\"stackedPercent\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(MemorySize) as MemorySizeAvg, avg(MaxMemoryUsed) as MaxMemoryUsedAvg by functionname\n| (MemorySizeAvg - MaxMemoryUsedAvg) as RemainingMemory\n| RemainingMemory/MemorySizeAvg as wastageRatio\n| top 5 functionname by wastageRatio, RemainingMemory, MaxMemoryUsedAvg\n| fields -wastageRatio",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9661a24080cb7a43",
+                    "title": "Performance",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d4d18b06ac340b4d",
+                    "title": "Audit",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\",\"fontSize\":20},\"title\":{\"fontSize\":20},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2c1355a7927f8946",
+                    "title": "Top AWS Services Using Lambda Functions",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"bar\"},\"legend\":{\"enabled\":false},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Invocations by caller\n| top 10 caller by Invocations",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d9f052d8a3216943",
+                    "title": "Top Error Messages",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(errorMessage or ERROR or CRITICAL) account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as num_errors by errorMessage, functionname\n| top 30 errorMessage, functionname by num_errors desc, errorMessage asc, functionname asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-10f4e6b2b578c949",
+                    "title": "Invocations and Provisioned Concurrency Invocations",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Invocations\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Invocations\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"ProvisionedConcurrencyInvocations\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrencyInvocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d93f12b480302940",
+                    "title": "Provisioned Concurrent Executions",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Provisioned Concurrent Executions\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Provisioned Concurrent Executions\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrentExecutions statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The number of events that are being processed on provisioned concurrency. For each invocation of an alias or version with provisioned concurrency, Lambda emits the current count.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6a76b586aaa6eb44",
+                    "title": "Provisioned Concurrency Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Provisioned Concurrency Utilization\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Provisioned Concurrency Utilization\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrencyUtilization statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The number of events that are being processed on provisioned concurrency, divided by the total amount of provisioned concurrency allocated. For example, .5 indicates that 50 percent of allocated provisioned concurrency is in use. For each invocation of an alias or version with provisioned concurrency, Lambda emits the current count.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6dcf5bbf91746849",
+                    "title": "Provisioned Concurrency Spillover Invocations",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Provisioned Concurrency Spillover Invocations\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"Provisioned Concurrency Spillover Invocations\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrencySpilloverInvocations statistic=Maximum account={{account}} region={{region}} functionname={{functionname}} Resource=* | max by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The number of invocations that are run on nonprovisioned concurrency, when all provisioned concurrency is in use. For a version or alias that is configured to use provisioned concurrency, Lambda increments the count once for each invocation that runs on non-provisioned concurrency.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2E7EA641BAAB3A42",
+                    "title": "Caller Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-32972729B258184D",
+                    "title": "Successful Vs Failed Requests",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (!isEmpty(errorMessage), 1, 0) as haserror\n| if (!isEmpty(errorMessage), 0, 1) as noerror\n| sum(haserror) as failures, sum(noerror) as successes by functionname\n| top 10 functionname by failures, successes",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F3CF4036807F6A48",
+                    "title": "Requests by Function Versions",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count by functionname, version\n| transpose row functionname column version",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-7CDE0CEA8CE70A4E",
+                    "title": "Success and Failures",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E8769C639BAF1947",
+                    "title": "Provisioned Concurrency",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-646319CAA0B03A4E",
+                    "title": "Most Frequent Function Operations",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} eventName\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as count by functionname, event_name | sort by count, functionname, event_name | limit 20",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA75FF450AE9AAB4D",
+                    "title": "Top Functions by Cold Start Duration (ms)",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Cold Start Duration (ms)\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}  \"init duration\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=message  \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\" as reqId, duration, bill_duration, mem_total, mem_used, initDur \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(initDur) as initDuration by functionname\n| sort by initDuration,functionname\n| limit 20",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Lambda - Request Analysis",
+            "description": "The AWS Lambda - Request Analysis dashboard provides deeper insights into the invocations and performance of your AWS Lambda functions.",
+            "title": "1. AWS Lambda - Request Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-3c5b34dda0bbb840",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-3f9f39638d387a43",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":31}"
+                    },
+                    {
+                        "key": "panelpane-16e3f20782380843",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-ddbffb2b8add794a",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-34eea0d88a1afb49",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-f13c1239a1f49b42",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":6,\"y\":31}"
+                    },
+                    {
+                        "key": "panelpane-1b7a3c298ca95949",
+                        "structure": "{\"height\":8,\"width\":16,\"x\":8,\"y\":23}"
+                    },
+                    {
+                        "key": "panelpane-9bdb6681b76a7946",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":31}"
+                    },
+                    {
+                        "key": "panelPANE-147BE636A6B81842",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-11D188E7BCA5C94F",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-99C148768D8B7A45",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-493D84E79DACFB44",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-E92623F985DD0A48",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-5A94FACABB0B6947",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-204391B58D3AD849",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":8}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-3c5b34dda0bbb840",
+                    "title": "Invocations Trend and Cold Starts Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"0\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Requests\"},\"axisX\":{\"title\":\"\"},\"axisY2\":{\"title\":\"Cold Starts\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"column\",\"axisYType\":\"secondary\",\"color\":\"#dfbe2e\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}  \"init duration\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=message  \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\" as reqId, duration, bill_duration, mem_total, mem_used, initDur \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 5m \n| count by functionname, _timeslice\n| fillmissing timeslice (5m) in _timeslice, values all in functionname\n| transpose row _timeslice column functionname",
+                            "queryType": "Logs",
+                            "queryKey": "C",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3f9f39638d387a43",
+                    "title": "Top Source IPs",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as events by src_ip\n| top 10 src_ip by events, src_ip asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-16e3f20782380843",
+                    "title": "Invocations by Function Version",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as invocations by function_version\n| top 10 function_version by invocations, function_version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ddbffb2b8add794a",
+                    "title": "Invocation by Function Version  - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":3},\"axes\":{\"axisY\":{\"title\":\"Invoke Frequency\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" (\"\\\"eventName\\\":\\\"Invoke\\\"\" OR \"\\\"eventName\\\":\\\"AssumedRole\\\"\") account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name in (\"Invoke\", \"AssumedRole\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count as InvokeFrequency by function_version, _timeslice\n| transpose row _timeslice column function_version",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-34eea0d88a1afb49",
+                    "title": "Top Caller Types and Callers",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as activities by caller_type, caller\n| top 10 caller_type, caller  by activities, caller_type asc, caller",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f13c1239a1f49b42",
+                    "title": "Function by Version Alias, RequestID",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId2>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId2>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| json \"requestID\", \"record.requestId\" as RequestId3, RequestId4 nodrop\n| if (isEmpty(RequestId), RequestId2, RequestId) as RequestId | if (isEmpty(RequestId), RequestId3, RequestId) as RequestId | if (isEmpty(RequestId), RequestId4, RequestId) as RequestId\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (isEmpty(errorMessage), \"Success\", \"Failure\") as eventStatus\n| count as frequency by functionname, version, eventStatus, requestId\n| sort by functionname asc\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-1b7a3c298ca95949",
+                    "title": "Function Caller Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as frequency by functionname, function_version, caller, caller_type, src_ip, Region\n| sort by frequency, functionname, function_version, caller, caller_type, src_ip, Region\n| limit 30 | fields -frequency",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9bdb6681b76a7946",
+                    "title": "Requests by Version Alias",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count as events by version\n| sort by events, version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-147BE636A6B81842",
+                    "title": "Location of Callers",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"map\":{\"layerType\":\"Cluster\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress \n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and !(src_ip matches \"*.amazonaws.com\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, event_name\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-11D188E7BCA5C94F",
+                    "title": "Performance",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-99C148768D8B7A45",
+                    "title": "Lambda Events",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-493D84E79DACFB44",
+                    "title": "Pass Vs Fail Requests",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"column\"}},{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"column\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (isEmpty(errorMessage), \"Success\", \"Failure\") as eventStatus\n| timeslice 15m\n| count as eventCount by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E92623F985DD0A48",
+                    "title": "Requests by Version Alias",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count by functionname, version\n| transpose row version column functionname",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-5A94FACABB0B6947",
+                    "title": "Requests Pass Vs Fail",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"pie\"}},{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"pie\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (isEmpty(errorMessage), \"Success\", \"Failure\") as eventStatus\n| count as eventCount by eventStatus\n| sort by eventCount, eventStatus asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-204391B58D3AD849",
+                    "title": "Function Duration and Cold Start Duration (ms)",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Function Duration\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"color\":\"#dfbe2e\",\"name\":\"Cold Start Duration\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 15m\n| sum(Duration) as Duration by functionname, _timeslice\n| transpose row _timeslice column functionname",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}  \"init duration\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=message  \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\" as reqId, duration, bill_duration, mem_total, mem_used, initDur \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 5m\n| avg(initDur) as initDuration by functionname, _timeslice\n| transpose row _timeslice column functionname",
+                            "queryType": "Logs",
+                            "queryKey": "B",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Lambda - Usage Analysis",
+            "description": "AWS Lambda - Usage Analysis dashboard provides insights into function usage by AWS services, user agents, and IAM users.",
+            "title": "2. AWS Lambda - Usage Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-b239f83881e27a4b",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-045582fa80a23843",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-3949f1ef821c9b43",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-2957042f8a83b942",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-113c30a1b0e1db4e",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-77af4eac9b2f9b41",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-9f0dd042ad7cda45",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-802f003ca7026848",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-b239f83881e27a4b",
+                    "title": "IAM User Invoking Functions - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Frequency\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"IAMUser\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop\n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count by caller, _timeslice\n| transpose row _timeslice column caller ",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-045582fa80a23843",
+                    "title": "Top IAM User Invoking Functions",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"IAMUser\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Frequency by caller\n| top 10 caller by Frequency",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-3949f1ef821c9b43",
+                    "title": "Time Compare - IAM User Invoking Functions",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"IAMUser\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as today by caller \n| compare with timeshift 1d as yesterday\n| sort by today\n| today_yesterday as yesterday\n| fields -today_yesterday",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2957042f8a83b942",
+                    "title": "AWS Services Invoking Functions - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Frequency\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop\n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count by caller, _timeslice\n| transpose row _timeslice column caller",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-113c30a1b0e1db4e",
+                    "title": "Time Compare - AWS Services Invoking Functions",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \n\"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as today by caller\n| compare with timeshift 1d as yesterday\n| sort by today\n| today_yesterday as yesterday\n| fields -today_yesterday",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-77af4eac9b2f9b41",
+                    "title": "Top AWS Services Invoking Functions",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Frequency by caller\n| top 10 caller by Frequency",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9f0dd042ad7cda45",
+                    "title": "User Agents",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} userAgent\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\"\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Frequency by user_agent\n| top 10 user_agent by Frequency, user_agent asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-802f003ca7026848",
+                    "title": "Time Compare - User Agent",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} userAgent\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\"\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as today by user_agent\n| compare with timeshift 1d as yesterday\n| today_yesterday as yesterday\n| sort by today, yesterday\n| fields -today_yesterday\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS Lambda - Error Analysis",
+            "description": "The AWS Lambda - Error Analysis dashboard provides insights on errors and warnings in your AWS Lambda functions.",
+            "title": "3. AWS Lambda - Error Analysis",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-a12e5afa999cfa4e",
+                        "structure": "{\"height\":7,\"width\":4,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-9b125784bf09f843",
+                        "structure": "{\"height\":7,\"width\":14,\"x\":10,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-94e9b41a9d04284b",
+                        "structure": "{\"height\":6,\"width\":10,\"x\":4,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-e4b91e63a4412947",
+                        "structure": "{\"height\":6,\"width\":10,\"x\":14,\"y\":22}"
+                    },
+                    {
+                        "key": "panelpane-655003898484f942",
+                        "structure": "{\"height\":6,\"width\":10,\"x\":4,\"y\":22}"
+                    },
+                    {
+                        "key": "panelpane-fd692661bfea5a47",
+                        "structure": "{\"height\":6,\"width\":10,\"x\":14,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-df7ce2499c0fa842",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":4,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-9F1118A790758B40",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-ED7E848CA880B844",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-DEE76A78994C6B46",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panelPANE-2CE18154866C3A4E",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelPANE-10275E94B0B60A47",
+                        "structure": "{\"height\":7,\"width\":4,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-A76512D39E6EDA49",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":4,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-2436227CAC35E940",
+                        "structure": "{\"height\":7,\"width\":14,\"x\":10,\"y\":8}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-a12e5afa999cfa4e",
+                    "title": "Error Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9b125784bf09f843",
+                    "title": "Top Error Messages",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as Frequency by errorMessage, functionname, version\n| top 30 errorMessage, functionname, version by Frequency desc, errorMessage asc, functionname asc, version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-94e9b41a9d04284b",
+                    "title": "Errors - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"circle\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Error Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}}],\"series\":{},\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Errors Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Errors Statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e4b91e63a4412947",
+                    "title": "Iterator Age - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"circle\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All Entities\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=IteratorAge Statistic=Maximum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=IteratorAge Statistic=Maximum account={{account}} region={{region}} functionname=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-655003898484f942",
+                    "title": "Throttling - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"circle\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Invocation Throttled Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across all entities\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Throttles Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | Sum by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Throttles Statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fd692661bfea5a47",
+                    "title": "Dead Letter Errors - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Error Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DeadLetterErrors Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DeadLetterErrors Statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-df7ce2499c0fa842",
+                    "title": "Error Breakdown",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count by version\n| sort by _count, version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9F1118A790758B40",
+                    "title": "Lambda Performance",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-ED7E848CA880B844",
+                    "title": "Lambda Events",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-DEE76A78994C6B46",
+                    "title": "Invocation Throttles",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Throttled\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":24},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Throttles Statistic=sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2CE18154866C3A4E",
+                    "title": "Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":24,\"labelFontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-10275E94B0B60A47",
+                    "title": "Warning Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Warnings\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":10,\"color\":\"#DFBE2E\"},{\"from\":10,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} WARNING\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL|WARNING):(?<warningMessage>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\s(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL|WARNING) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<warningMessage>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| where !isEmpty(warningMessage)\n| count as eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A76512D39E6EDA49",
+                    "title": "Warning Breakdown",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":30,\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} WARNING\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL|WARNING):(?<warningMessage>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\s(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL|WARNING) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<warningMessage>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| where !isEmpty(warningMessage)\n| count by version\n| sort by _count, version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2436227CAC35E940",
+                    "title": "Top Warning Messages",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} WARNING\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL|WARNING):(?<warningMessage>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\s(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL|WARNING) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<warningMessage>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| where !isEmpty(warningMessage)\n| count as Frequency by warningMessage, functionname, version\n| top 30 warningMessage, functionname, version by Frequency desc, warningMessage asc, functionname asc, version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS Lambda - Resource Usage",
+            "description": "AWS Lambda - Resource Usage dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, and compute usage.",
+            "title": "4. AWS Lambda - Resource Usage",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-a6e5e649a3dd1b48",
+                        "structure": "{\"height\":8,\"width\":13,\"x\":11,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-6fce866fb553d845",
+                        "structure": "{\"height\":4,\"width\":13,\"x\":11,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-cb75ba2e8296da45",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-dffe2c33b7aa9a4e",
+                        "structure": "{\"height\":4,\"width\":11,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-fa25f26eb2ecab46",
+                        "structure": "{\"height\":4,\"width\":11,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-17077145b6c3c841",
+                        "structure": "{\"height\":4,\"width\":11,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-41411978beff494d",
+                        "structure": "{\"height\":5,\"width\":11,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-419733b5bbfebb4a",
+                        "structure": "{\"height\":5,\"width\":13,\"x\":11,\"y\":21}"
+                    },
+                    {
+                        "key": "panel4E6DAA3DAA450A49",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel65100DE4812F894F",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panel77A3F8EEB03EC842",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel8E61D69B81806846",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":6}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-a6e5e649a3dd1b48",
+                    "title": "Max Memory Used (MB) - Timeline",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"MB\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 15m\n| sum(MaxMemoryUsed) as MaxMemoryUsedSum by functionname, _timeslice\n| transpose row _timeslice column functionname",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6fce866fb553d845",
+                    "title": "Duration (ms)",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| sum(Duration) as TotalDuration, avg(Duration) as AvgDuration, min(Duration) as MinDuration, max(Duration) as MaxDuration by functionname\n| sort by TotalDuration, functionname asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-cb75ba2e8296da45",
+                    "title": "Recent Request Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory Used Size\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count as Frequency by functionname, RequestId, Duration, BilledDuration, MemorySize, MaxMemoryUsed, _messagetime \n| sort by _messagetime | limit 20\n| formatDate(_messagetime, \"yyyy/MM/dd HH:mm:ss Z\") as time\n| fields -Frequency\n| fields -_messagetime\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-dffe2c33b7aa9a4e",
+                    "title": "Max Memory Used (MB)",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| sum(MaxMemoryUsed) as MemoryUsed by functionname\n| sort by MemoryUsed, functionname asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fa25f26eb2ecab46",
+                    "title": "Average Duration vs Average Billed Unused Duration",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(BilledDuration) as BilledDurationAvg, avg(Duration) as AvgDuration by functionname\n| BilledDurationAvg-AvgDuration as BilledUnusedDuration\n| BilledUnusedDuration/BilledDurationAvg as wastageRatio\n| top 5 functionname by wastageRatio, BilledUnusedDuration, AvgDuration\n| fields -wastageRatio",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-17077145b6c3c841",
+                    "title": "Avg Unused Allocated Memory vs Avg Used Memory",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(MemorySize) as MemorySizeAvg, avg(MaxMemoryUsed) as MaxMemoryUsedAvg by functionname\n| (MemorySizeAvg-MaxMemoryUsedAvg) as AvgUnusedAllocatedMemory\n| AvgUnusedAllocatedMemory/MemorySizeAvg as wastageRatio\n| top 5 functionname by wastageRatio, AvgUnusedAllocatedMemory, MaxMemoryUsedAvg\n| fields -wastageRatio",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-41411978beff494d",
+                    "title": "Compute Usage (GB-s)",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n// AWS Billing Calculation\n| BilledDuration/1000 as BillDurationSeconds\n| MemorySize/1024 as MemorySizeGB\n| BillDurationSeconds * MemorySizeGB as ComputeUsage\n| sum(ComputeUsage) as ComputeUsage by functionname\n| sort by ComputeUsage, functionname",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-419733b5bbfebb4a",
+                    "title": "Compute Usage (GB-s) - Timeline",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"ComputeUsage\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 15m\n// AWS Billing Calculation\n| BilledDuration/1000 as BillDurationSeconds\n| MemorySize/1024 as MemorySizeGB\n| BillDurationSeconds * MemorySizeGB as ComputeUsage\n| sum(ComputeUsage) as ComputeUsage by functionname, _timeslice\n| transpose row _timeslice column functionname",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4E6DAA3DAA450A49",
+                    "title": "Lambda Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"left\",\"format\":\"text\",\"text\":\"\",\"showTitle\":true},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel65100DE4812F894F",
+                    "title": "Compute Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"left\",\"format\":\"text\",\"text\":\"\",\"showTitle\":true},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel77A3F8EEB03EC842",
+                    "title": "Duration",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"left\",\"format\":\"text\",\"text\":\"\",\"showTitle\":true},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel8E61D69B81806846",
+                    "title": "Memory Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"left\",\"format\":\"text\",\"text\":\"\",\"showTitle\":true},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. AWS Lambda - Performance Trends",
+            "description": "AWS Lambda - Performance Trends dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage.",
+            "title": "5. AWS Lambda - Performance Trends",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-8a8e4a2cab0beb4c",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-4fda36319f35b841",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-4313def9ba295844",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-b147fe9a88d8fb4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-30e8f3b78c1f2b41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-9906166682e0bb4a",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panelpane-32b7aab792cb294a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-65a4a31cb839aa4e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-9e36cd5daf47184a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-767aaa0f99e1584d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-8a8e4a2cab0beb4c",
+                    "title": "Average Function Duration",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Across All entities\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Duration Statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Duration Statistic=Average account={{account}} region={{region}} functionname=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4fda36319f35b841",
+                    "title": "Note:",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"center\",\"showTitle\":true,\"format\":\"markdown\",\"text\":\"\"},\"series\":{},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Concurrent Executions: This shows you the concurrent executions at an account level, and for any function with a custom concurrency limit. Both graphs will be same if none of the functions are configured with concurrency limit. Not applicable for versions or aliases.\n\nUnreservedConcurrentExecutions: This shows you the total concurrent executions for functions assigned to the default unreserved concurrency pool. Not applicable for functions, versions, or aliases.\n\nInvocations vs Errors vs Throttle: It's important to distinguish between an invocation request and an actual invocation. It is possible for the error rate to exceed the number of billed Lambda function invocations. Lambda reports an invocation metric only if the Lambda function code is executed. If the invocation request yields a throttling or other initialization error that prevents the Lambda function code from being invoked, Lambda will report an error, but it does not log an invocation metric."
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4313def9ba295844",
+                    "title": "Performance",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":\"20\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"left\",\"format\":\"text\",\"text\":\"\",\"showTitle\":true}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b147fe9a88d8fb4d",
+                    "title": "Unreserved Concurrent Executions (Today,  Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Unreserved Concurrent Executions\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today, {{region}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{region}}\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=UnreservedConcurrentExecutions Statistic=Average account={{account}} region={{region}} | avg by namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=UnreservedConcurrentExecutions Statistic=Average account={{account}} region={{region}} | avg by namespace, region, account | timeshift -1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=UnreservedConcurrentExecutions Statistic=Average account={{account}} region={{region}} | avg by namespace, region, account | timeshift -7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-30e8f3b78c1f2b41",
+                    "title": "Concurrent Executions",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"circle\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Concurrent Executions\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Across All Entities\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ConcurrentExecutions Statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ConcurrentExecutions Statistic=Average account={{account}} region={{region}} functionname=* |  sum",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9906166682e0bb4a",
+                    "title": "Lambda Events - Prediction Trends",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":\"20\"},\"text\":{\"fontSize\":24,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"#222D3B\",\"alignment\":\"left\",\"format\":\"text\",\"text\":\"\",\"showTitle\":true}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-32b7aab792cb294a",
+                    "title": "Unused Memory - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"MB\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n| sum(MemorySize) as MemorySize, sum(MaxMemoryUsed) as MaxMemoryUsed by _timeslice\n| MemorySize - MaxMemoryUsed as UnusedMemory\n| predict UnusedMemory by 10m model=ar, forecast=18\n| fields - MaxMemoryUsed, MemorySize, UnusedMemory_error, UnusedMemory_linear",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-65a4a31cb839aa4e",
+                    "title": "Memory Used - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"MB\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n| sum(MaxMemoryUsed) as MaxMemoryUsed by _timeslice\n| predict MaxMemoryUsed by 10m model=ar, forecast=18\n| fields - MaxMemoryUsed_error, MaxMemoryUsed_linear",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9e36cd5daf47184a",
+                    "title": "Compute Usage (GB-s) - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory Size\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n// AWS Billing Calculation\n| BilledDuration/1000 as BillDurationSeconds\n| MemorySize/1024 as MemorySizeGB\n| BillDurationSeconds * MemorySizeGB as ComputeUsage\n| sum(ComputeUsage) as ComputeUsage by _timeslice\n| predict ComputeUsage by 10m model=ar, forecast=18\n| fields - ComputeUsage_linear, ComputeUsage_error",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-767aaa0f99e1584d",
+                    "title": "Billed Duration - Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Milliseconds\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n| sum(BilledDuration) as BilledDuration by _timeslice\n| predict BilledDuration by 10m model=ar, forecast=18\n| fields - BilledDuration_error, BilledDuration_linear",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6. AWS Lambda - Threat Intel",
+            "description": "AWS Lambda - Threat Intel dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic’s Threat Intel feature. Panels show detailed information on malicious IPs and the malicious confidence of each threat.",
+            "title": "6. AWS Lambda - Threat Intel",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-3b762241ac0aba4d",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-c08479a8a0390b4d",
+                        "structure": "{\"height\":6,\"width\":16,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-b8ffc92b8b722a41",
+                        "structure": "{\"height\":8,\"width\":16,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-c605d948852ffb48",
+                        "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-642147F890E0F848",
+                        "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-79AA62F18928EA42",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":0,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-3b762241ac0aba4d",
+                    "title": "All IP Threat Count",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Threats\",\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"noDataString\":\"0\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum(ip_count) as threat_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c08479a8a0390b4d",
+                    "title": "Highly Malicious IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, functionName, caller, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, functionName, caller, user_agent, type, actor, malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b8ffc92b8b722a41",
+                    "title": "All IP Threats Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by src_ip, malicious_confidence, Actor, label_name\n| sort by malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c605d948852ffb48",
+                    "title": "Malicious Confidence",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip,  functionName, caller, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count as Threats by malicious_confidence\n| sort by Threats",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-642147F890E0F848",
+                    "title": "Threat Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-79AA62F18928EA42",
+                    "title": "Function Accessed by Highly Malicious Threat IPs",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, functionName\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(_count) as UniqueThreatIPs by functionName\n| top 20 functionName by UniqueThreatIPs, functionName asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Nlb-App.json b/aws-observability-terraform/examples/aws-observability/json/Nlb-App.json
new file mode 100644
index 00000000..33430d40
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Nlb-App.json
@@ -0,0 +1,2052 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS Network Load Balancer",
+    "description": "The AWS Network Load Balancer service is distributed in OSI Layer 4 (i.e., network) traffic (e.g., TCP, UDP, TLS) and can handle over a million requests per second. \n\nThe AWS Network Load Balancer dashboards provide insights to ensure that your network load-balancers are operating as expected, backend hosts are healthy and to quickly identify errors.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Network Load Balancer - Active and New Flows",
+            "description": "The AWS Network Load Balancer - Active and New Flows dashboard provides detailed insights for new flows, and active flows for TCP, TLS, and UDP traffic.",
+            "title": "1. AWS Network Load Balancer - Active and New Flows",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-189058059223F848",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panel27BCAC0AB2617849",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":11}"
+                    },
+                    {
+                        "key": "panelC8EEA6B78D4AB943",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":29}"
+                    },
+                    {
+                        "key": "panelB42DE669AC848A41",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelEB8866F6B9A7B84A",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel4C302868A2082A46",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panel707E3FC09AF3D84F",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelF8C139BCBECE294F",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":29}"
+                    },
+                    {
+                        "key": "panelPANE-A133BD608B9CF848",
+                        "structure": "{\"height\":2,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel40FED14D822EA945",
+                        "structure": "{\"height\":2,\"width\":12,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-189058059223F848",
+                    "title": "Active Flow Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Active Flow Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27BCAC0AB2617849",
+                    "title": "Active Flow Count TCP",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Active Flow Count TCP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount_TCP Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8EEA6B78D4AB943",
+                    "title": "Active Flow Count UDP",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Active Flow Count UDP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount_UDP Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB42DE669AC848A41",
+                    "title": "Active Flow Count TLS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Active Flow Count TLS\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount_TLS Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelEB8866F6B9A7B84A",
+                    "title": "New Flow Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"New Flow Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4C302868A2082A46",
+                    "title": "New Flow Count TCP",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"New Flow Count TCP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount_TCP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel707E3FC09AF3D84F",
+                    "title": "New Flow Count TLS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"New Flow Count TLS\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount_TLS Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF8C139BCBECE294F",
+                    "title": "New Flow Count UDP",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"New Flow Count UDP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount_UDP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A133BD608B9CF848",
+                    "title": "Active Flows",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"text\":{\"format\":\"markdown\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Active Flow Count represents the total number of concurrent flows (or connections) from clients to targets in a given time.<br>"
+                },
+                {
+                    "id": null,
+                    "key": "panel40FED14D822EA945",
+                    "title": "New Flows",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"text\":{\"format\":\"markdown\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "NewFlowCount represents the total number of new flows (or connections) established from clients to targets in a given time period.<br>"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "availabilityzone",
+                    "displayName": "availabilityzone",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "availabilityzone"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Network Load Balancer - Overview",
+            "description": "The AWS Network Load Balancer - Overview dashboard provides detailed insights into a view of network utilization and performance. The dashboard provides information about the errors, health, and traffic handled by the load balancer.",
+            "title": "1. AWS Network Load Balancer - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-B783C42895F01841",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-34953014A4481A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":0}"
+                    },
+                    {
+                        "key": "panel386F017C878D5841",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panel4AD8EFE2BB4B3846",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-37E902BBB2FA6B4F",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-9DA7EDA9BA89FB4B",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-35FB0983AD5AB948",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panel40DF804DB965B847",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":6,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panelCF6450A3ADF0A848",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":6,\"minHeight\":3,\"minWidth\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-B783C42895F01841",
+                    "title": "Client TLS Negotiation Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-34953014A4481A4A",
+                    "title": "Target TLS Negotiation Error",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel386F017C878D5841",
+                    "title": "Healthy Hosts (Current)",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone=* TargetGroup=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AD8EFE2BB4B3846",
+                    "title": "Unhealthy Hosts (Current)",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone=* TargetGroup=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-37E902BBB2FA6B4F",
+                    "title": "Active Flows (Connections) by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Active Flow (Connection) Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9DA7EDA9BA89FB4B",
+                    "title": "Bytes Processed by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Bytes Processed\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-35FB0983AD5AB948",
+                    "title": "Max Unhealthy Hosts Observed by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":0,\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Hosts\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=maximum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | max by loadbalancer | filter max > 0",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel40DF804DB965B847",
+                    "title": "TLS Negotiation Errors by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"TLS Negotiation Error Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=*TLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCF6450A3ADF0A848",
+                    "title": "Reset (RST) Packets Generated by Load Balancer",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"TCP ELB Reset Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_ELB_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Network Load Balancer - Host Health Status",
+            "description": "The AWS Network Load Balancer - Host Health Status dashboard provides detailed insights into the number of healthy and unhealthy hosts.",
+            "title": "2. AWS Network Load Balancer - Host Health Status",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-A8B06EE987093949",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":0}"
+                    },
+                    {
+                        "key": "panelC5327885B1BFFA41",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelBA3E4E7BA3BFEA47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelFD2921F7A1FA1846",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panel8D55B304B57A4844",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":0}"
+                    },
+                    {
+                        "key": "panel7C5DA2FA91826B4D",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelD5793C5B9BF5A846",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panelCBEF96D69714BA4A",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":5}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-A8B06EE987093949",
+                    "title": "Maximum Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Maximum\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=maximum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC5327885B1BFFA41",
+                    "title": "Minimum Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Minimum\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=minimum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBA3E4E7BA3BFEA47",
+                    "title": "Current Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelFD2921F7A1FA1846",
+                    "title": "Maximum Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Maximum\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=maximum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8D55B304B57A4844",
+                    "title": "Minimum Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Minimum\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=minimum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7C5DA2FA91826B4D",
+                    "title": "Current Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD5793C5B9BF5A846",
+                    "title": "Healthy Hosts Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Healthy Host Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}:{{AvailabilityZone}}:{{TargetGroup}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone, TargetGroup",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCBEF96D69714BA4A",
+                    "title": "Unhealthy Hosts Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"UnHealthy Host Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}:{{AvailabilityZone}}:{{TargetGroup}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone, TargetGroup",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "availabilityzone",
+                    "displayName": "availabilityzone",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "availabilityzone"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "targetgroup",
+                    "displayName": "targetgroup",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "targetgroup"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS Network Load Balancer - Errors",
+            "description": "The AWS Network Load Balancer - Errors dashboard provides detailed insights into the errors reported by the network load balancer. This dashboard shows information for the total number of TLS handshakes that failed during negotiation between a client and a TLS listener, and the total number of TLS handshakes that failed during negotiation between a TLS listener and a target.",
+            "title": "3. AWS Network Load Balancer - Errors",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelB42DE669AC848A41",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelF70F63039D95E945",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-933CB6069C593942",
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-925F14A7BD81B948",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":3}"
+                    },
+                    {
+                        "key": "panel06904E5989D9A94A",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelB42DE669AC848A41",
+                    "title": "TLS Listener <--> Target - Failed TLS Handshakes Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Target TLS Negotiation Error Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by LoadBalancer, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF70F63039D95E945",
+                    "title": "Client <--> TLS Listener - Failed TLS Handshakes Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Client TLS Negotiation Error Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by LoadBalancer, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-933CB6069C593942",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"text\":{\"alignment\":\"left\",\"format\":\"markdown\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "ClientTLSNegotiationErrorCount: The total number of TLS handshakes that failed during negotiation between a client and a TLS listener.\n<br><br>\nTargetTLSNegotiationErrorCount: The total number of TLS handshakes that failed during negotiation between a TLS listener and a target."
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-925F14A7BD81B948",
+                    "title": "Client <--> TLS Listener - Total Failed TLS Handshakes",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel06904E5989D9A94A",
+                    "title": "TLS Listener <--> Target - Total Failed TLS Handshakes",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS Network Load Balancer - Reset (RST) Packets",
+            "description": "The AWS Network Load Balancer - Reset (RST) Packets dashboard provides detailed insights into the number reset (RST) packets received by the network load balancer. The dashboard shows the information for the total number of reset (RST) packets sent from a client to a target , the total number of reset (RST) packets generated by the load balancer, and the total number of reset (RST) packets sent from a target to a client.",
+            "title": "4. AWS Network Load Balancer - Reset (RST) Packets",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel19BBFED8B9FFAB42",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":9,\"y\":9}"
+                    },
+                    {
+                        "key": "panelCA1D60DCBF8ED942",
+                        "structure": "{\"height\":9,\"width\":9,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panel9BDEA0AA9A87084A",
+                        "structure": "{\"height\":9,\"width\":7,\"x\":17,\"y\":9}"
+                    },
+                    {
+                        "key": "panelPANE-2C072B2F8F5D6A48",
+                        "structure": "{\"height\":4,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-F5B1358399E67B42",
+                        "structure": "{\"height\":5,\"width\":9,\"x\":0,\"y\":4}"
+                    },
+                    {
+                        "key": "panel3D350340B35D794B",
+                        "structure": "{\"height\":5,\"width\":8,\"x\":9,\"y\":4}"
+                    },
+                    {
+                        "key": "panel786DB7449D04FA4C",
+                        "structure": "{\"height\":5,\"width\":7,\"x\":17,\"y\":4}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel19BBFED8B9FFAB42",
+                    "title": "Reset (RST) Packets Sent from a \u001dClient to a Target",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"TCP Client Reset Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_Client_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCA1D60DCBF8ED942",
+                    "title": "Reset (RST) Packets Generated by the Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"TCP ELB Reset Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_ELB_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9BDEA0AA9A87084A",
+                    "title": "Reset (RST) Packets Sent from a Target to a Client",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"TCP Target Reset Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_Target_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2C072B2F8F5D6A48",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"text\":{\"alignment\":\"left\",\"format\":\"markdown\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Reset (RST) packets are responsible for the immediate termination of a TCP connection.  An abnormal rise in the number of reset packets generated by the load balancer likely requires an immediate response, as this means that the load balancer is dropping a significant amount of connections. <br>\n\nTCP_Client_Reset_Count: The total number of reset (RST) packets sent from a client to a target. These resets are generated by the client and forwarded by the load balancer.\n<br>\nTCP_ELB_Reset_Count: The total number of reset (RST) packets generated by the load balancer.\n<br>\nTCP_Target_Reset_Count: The total number of reset (RST) packets sent from a target to a client. These resets are generated by the target and forwarded by the load balancer.\n<br>\n<br>\n"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F5B1358399E67B42",
+                    "title": "Total Reset (RST) Packets Generated by the Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"RESET Packets\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_ELB_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3D350340B35D794B",
+                    "title": "Total Reset (RST) Packets Sent from a \u001dClient to a Target",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"RESET Packets\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_Client_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel786DB7449D04FA4C",
+                    "title": "Total Reset (RST) Packets Sent from a Target to a Client",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"RESET Packets\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=TCP_Target_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "availabilityzone",
+                    "displayName": "availabilityzone",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "availabilityzone"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. AWS Network Load Balancer - Processed Bytes",
+            "description": "The AWS Network Load Balancer - Processed Bytes dashboard provides detailed insights into the amount of bytes processed by the load balancer for total, UDP, TCP and TLS traffic.",
+            "title": "5. AWS Network Load Balancer - Processed Bytes",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-189058059223F848",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel27BCAC0AB2617849",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":8,\"y\":9}"
+                    },
+                    {
+                        "key": "panelC8EEA6B78D4AB943",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelB42DE669AC848A41",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":16,\"y\":9}"
+                    },
+                    {
+                        "key": "panelPANE-A239472497B9F94F",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-189058059223F848",
+                    "title": "Total Processed Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Processed Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27BCAC0AB2617849",
+                    "title": "Processed Bytes by TCP Listener",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Processed Bytes TCP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes_TCP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8EEA6B78D4AB943",
+                    "title": "Processed Bytes by UDP Listener",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Processed Bytes UDP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes_UDP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB42DE669AC848A41",
+                    "title": "Processed Bytes by TLS Listener",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Processed Bytes TLS\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes_TLS Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A239472497B9F94F",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"text\":{\"format\":\"markdown\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "ProcessedBytes: The total number of bytes processed by the load balancer, including TCP/IP headers. This count includes traffic to and from targets, minus health check traffic."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "availabilityzone",
+                    "displayName": "availabilityzone",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "availabilityzone"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6. AWS Network Load Balancer - Consumed LCUs",
+            "description": "The AWS Network Load Balancer - Consumed LCUs dashboard shows you the total number of load balancer capacity units (LCU) used by your load balancer by network protocol.",
+            "title": "6. AWS Network Load Balancer - Consumed LCUs",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-189058059223F848",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel27BCAC0AB2617849",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":8,\"y\":9}"
+                    },
+                    {
+                        "key": "panelC8EEA6B78D4AB943",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelB42DE669AC848A41",
+                        "structure": "{\"height\":9,\"width\":8,\"x\":16,\"y\":9}"
+                    },
+                    {
+                        "key": "panelPANE-BC46700A8145E848",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-189058059223F848",
+                    "title": "Consumed LCUs",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Consumed LCUs\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27BCAC0AB2617849",
+                    "title": "Consumed LCUs For TCP",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Consumed LCUs TCP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs_TCP Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8EEA6B78D4AB943",
+                    "title": "Consumed LCUs For UDP",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Consumed LCUs UDP\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs_UDP Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB42DE669AC848A41",
+                    "title": "Consumed LCUs For  TLS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"showLabels\":true,\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"showLabels\":true,\"title\":\"Consumed LCUs TLS\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{LoadBalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs_TLS Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BC46700A8145E848",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"text\":{\"alignment\":\"left\",\"format\":\"markdown\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Consumed LCUs: The number of load balancer capacity units (LCU) used by your load balancer. You pay for the number of LCUs that you use per hour."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": "networkloadbalancer",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Overview-App.json b/aws-observability-terraform/examples/aws-observability/json/Overview-App.json
new file mode 100644
index 00000000..c7ab88c2
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Overview-App.json
@@ -0,0 +1,1957 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "Amazon Overview",
+    "description": "The Overview folder provides Account and Region level overview dashboards.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Account Overview",
+            "description": "This dashboard provide detail information about your AWS account.",
+            "title": "1. AWS Account Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-7914d172a686b845",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-6bc131b8aefba843",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":32}"
+                    },
+                    {
+                        "key": "panelpane-6b1253898d854b40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-ca3c365b98f73b4e",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-81738ecdbf440a42",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-71f8315495fd0b46",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-C917D1C897F83843",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-F361E48F8E269B40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-0175F671BCE9DB48",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-8B2702079B7A8B41",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":17}"
+                    },
+                    {
+                        "key": "panelPANE-5713E01F906CE84D",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelPANE-3597FB879CA88941",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-6542461980C52B40",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":31}"
+                    },
+                    {
+                        "key": "panelPANE-11DF78EE83723844",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-990ED69BA97C3A4D",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-9648BD99ACAD4849",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-2489C9AEA5489B4A",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-9C29675CB0058942",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-C98E94B8BC492948",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":32}"
+                    },
+                    {
+                        "key": "panelAABAD2FE9205AA4E",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":31}"
+                    },
+                    {
+                        "key": "panelF2E64D6B906DDB44",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":38}"
+                    },
+                    {
+                        "key": "panel77E0CEBEA7649B4B",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":39}"
+                    },
+                    {
+                        "key": "panel5980D268B4EE3A45",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":39}"
+                    },
+                    {
+                        "key": "panel910F54329F30394B",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}"
+                    },
+                    {
+                        "key": "panel715899D4A61D7A4E",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":45}"
+                    },
+                    {
+                        "key": "panel892FA012BAB81847",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":46}"
+                    },
+                    {
+                        "key": "panel1B45947395C32A46",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":46}"
+                    },
+                    {
+                        "key": "panelPANE-4DB82AE09A727A40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":46}"
+                    },
+                    {
+                        "key": "panelPANE-BFC03D75BE2ED945",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":46}"
+                    },
+                    {
+                        "key": "panelCCB18C3ABFFE7B46",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":32}"
+                    },
+                    {
+                        "key": "panelPANE-93FACF5F979E6A4B",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-829C893895A9EA4F",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-9BF16BAEA2C13A49",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-9CD9CA05B552CA44",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-9D6E7556A262C846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":11}"
+                    },
+                    {
+                        "key": "panel9A752B10B7A38B4A",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":11}"
+                    },
+                    {
+                        "key": "panelF8611200A33CD847",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":38}"
+                    },
+                    {
+                        "key": "panel510C3885ADF8E840",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-7914d172a686b845",
+                    "title": "Lambda Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":24,\"labelFontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=AWS/Lambda metric=Errors statistic=Sum account={{account}} region=* functionname=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6bc131b8aefba843",
+                    "title": "DynamoDB Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":24,\"labelFontSize\":16},\"hiddenQueryKeys\":[\"A\",\"B\",\"C\"]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/dynamodb metric=UserErrors Statistic=SampleCount account={{account}} region=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace=aws/dynamodb metric=SystemErrors Statistic=SampleCount account={{account}} region=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace=aws/dynamodb metric=ConditionalCheckFailedRequests Statistic=SampleCount account={{account}} region=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#A+#B+#C",
+                            "queryType": "Metrics",
+                            "queryKey": "D",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6b1253898d854b40",
+                    "title": "EC2 Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=AWS/EC2 metric=CPU_Total account={{account}} region=* instanceId=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ca3c365b98f73b4e",
+                    "title": "RDS Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/rds metric=CPUUtilization statistic=average account={{account}} region=* dbidentifier=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-81738ecdbf440a42",
+                    "title": "EC2 Average Free Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Free Memory (GB)\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=AWS/EC2 account={{account}} metric=Mem_Free region=* instanceId=* | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-71f8315495fd0b46",
+                    "title": "RDS Average Freeable Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Freeable Memory (GB)\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/rds metric=FreeableMemory statistic=average account={{account}} region=* dbidentifier=* | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C917D1C897F83843",
+                    "title": "API Gateway Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ApiGateway (metric=4XXError or metric=5XXError) statistic=Sum account={{account}} region=* apiname=* | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F361E48F8E269B40",
+                    "title": "ALB Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ApplicationELB (metric=HTTPCode_ELB_4XX_Count or metric=HTTPCode_ELB_5XX_Count) statistic=Sum account={{account}} region=* loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-0175F671BCE9DB48",
+                    "title": "Application Load Balancer (ALB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8B2702079B7A8B41",
+                    "title": "API Gateway",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-5713E01F906CE84D",
+                    "title": "EC2",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3597FB879CA88941",
+                    "title": "RDS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6542461980C52B40",
+                    "title": "DynamoDB",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-11DF78EE83723844",
+                    "title": "Lambda",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-990ED69BA97C3A4D",
+                    "title": "AWS Resource Activity",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(*Create* or *Delete* or *Terminate* or *Remove* or *Update* or *Modify* or *Change*) \"\\\"eventSource\\\"\" \"\\\"eventName\\\"\" account={{account}} \n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| parse field=event_source \"*.amazonaws.com\" as aws_service\n| where event_source matches \"*.amazonaws.com\" and (event_name matches \"*Create*\" or event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\" or event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\")\n| if (event_name matches \"*Create*\", \"Create\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\", \"Delete\", if (event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\", \"Update\", event_name))) as activity\n| count by activity, aws_service\n| transpose row activity column aws_service",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9648BD99ACAD4849",
+                    "title": "Requests By API Name",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ApiGateway metric=count Statistic=sum account={{account}} region=* apiname=* | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2489C9AEA5489B4A",
+                    "title": "Requests Served by ALB",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account={{account}} region=*  loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9C29675CB0058942",
+                    "title": "Lambda Invocations",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{functionname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/lambda metric=Invocations statistic=Sum account={{account}} region=* functionname=* | sum by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C98E94B8BC492948",
+                    "title": "DynamoDB Requests By Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"aggregationType\":\"sum\"},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/dynamodb metric=SuccessfulRequestLatency Statistic=SampleCount account={{account}} region=* tablename=* | sum by tablename, namespace, region, account | eval round(_value)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelAABAD2FE9205AA4E",
+                    "title": "ElastiCache",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelF2E64D6B906DDB44",
+                    "title": "ECS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel77E0CEBEA7649B4B",
+                    "title": "ECS Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/ecs metric=CPUUtilization statistic=Average account={{account}} region=* ClusterName=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5980D268B4EE3A45",
+                    "title": "ECS Average Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% Memory Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/ecs metric=MemoryUtilization statistic=Average account={{account}} region=* ClusterName=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel910F54329F30394B",
+                    "title": "ElastiCache Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/elasticache metric=CPUUtilization statistic=Average account={{account}} region=* CacheClusterId=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel715899D4A61D7A4E",
+                    "title": "Network Load Balancer (NLB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel892FA012BAB81847",
+                    "title": "TLS Negotiation Errors by NLB",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/NetworkELB metric=*TLSNegotiationErrorCount statistic=Sum account={{account}} region=* loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1B45947395C32A46",
+                    "title": "Active Connections by NLB",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/networkelb metric=ActiveFlowCount Statistic=Sum account={{account}} region=* loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4DB82AE09A727A40",
+                    "title": "NLB - Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region=* LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BFC03D75BE2ED945",
+                    "title": "NLB - Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region=* LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCCB18C3ABFFE7B46",
+                    "title": "Elasticache Average Freeable Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Freeable Memory (GB)\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/elasticache metric=FreeableMemory statistic=average account={{account}} region=* CacheClusterId=* CacheNodeId=* | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-93FACF5F979E6A4B",
+                    "title": "Activity Overview",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-829C893895A9EA4F",
+                    "title": "Incoming Activity Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"map\":{\"layerType\":\"Cluster\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\"\" account={{account}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source matches \"*amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9BF16BAEA2C13A49",
+                    "title": "Classic Load Balancer (ELB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9CD9CA05B552CA44",
+                    "title": "Classic Load Balancer (ELB) Latency (ms)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} Namespace=AWS/ELB metric=Latency Statistic=Average region=* loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9D6E7556A262C846",
+                    "title": "ELB Errors",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} Namespace=AWS/ELB (metric=HTTPCode_ELB_4XX or metric=HTTPCode_ELB_5XX) Statistic=Sum region=* loadbalancername=* | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9A752B10B7A38B4A",
+                    "title": "Requests Served by ELB",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ELB metric=RequestCount Statistic=Sum account={{account}} region=* loadbalancername=* | sum by loadbalancername, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF8611200A33CD847",
+                    "title": "Application and Classic Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel510C3885ADF8E840",
+                    "title": "Active Connections (ALB)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} Namespace=AWS/ApplicationELB metric=ActiveConnectionCount Statistic=Sum region=* loadbalancer=* | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. AWS Region Overview",
+            "description": "This dashboard provide detail information about your AWS account.",
+            "title": "1. AWS Region Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-7914d172a686b845",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-6bc131b8aefba843",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":32}"
+                    },
+                    {
+                        "key": "panelpane-6b1253898d854b40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-ca3c365b98f73b4e",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-81738ecdbf440a42",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-71f8315495fd0b46",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-C917D1C897F83843",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-F361E48F8E269B40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-0175F671BCE9DB48",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-8B2702079B7A8B41",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":17}"
+                    },
+                    {
+                        "key": "panelPANE-5713E01F906CE84D",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelPANE-3597FB879CA88941",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-6542461980C52B40",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":31}"
+                    },
+                    {
+                        "key": "panelPANE-11DF78EE83723844",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":24}"
+                    },
+                    {
+                        "key": "panelPANE-4C7145EF82FC1947",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-990ED69BA97C3A4D",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-F1128ED3889B6944",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-9648BD99ACAD4849",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":18}"
+                    },
+                    {
+                        "key": "panelPANE-2489C9AEA5489B4A",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-9C29675CB0058942",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-C98E94B8BC492948",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":32}"
+                    },
+                    {
+                        "key": "panel725CC05C81EA784C",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":31}"
+                    },
+                    {
+                        "key": "panel86A26767A50B3B4A",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":38}"
+                    },
+                    {
+                        "key": "panelPANE-F10EDBC587594846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}"
+                    },
+                    {
+                        "key": "panelPANE-87D374AA91098B41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-20B99A47A408EB4E",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-F69D8CACA7C3B940",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":45}"
+                    },
+                    {
+                        "key": "panelPANE-E6118184874FA945",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":46}"
+                    },
+                    {
+                        "key": "panelPANE-1D70CFBE83238A4B",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":46}"
+                    },
+                    {
+                        "key": "panelPANE-A6FF66ABA4CDCB4B",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":46}"
+                    },
+                    {
+                        "key": "panelPANE-1E7F8086B885C943",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":46}"
+                    },
+                    {
+                        "key": "panelPANE-2AEC3E7192D9D942",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":32}"
+                    },
+                    {
+                        "key": "panelPANE-4162DCB5A32D094C",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panelPANE-A67B2E20BC271A43",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-6DFA637C8E2A6B4F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-8302BACC9D69C946",
+                        "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":38}"
+                    },
+                    {
+                        "key": "panelPANE-1BE7F7D5A20C7949",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
+                    },
+                    {
+                        "key": "panelPANE-FF1759E1A405494E",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":39}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-7914d172a686b845",
+                    "title": "Lambda Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":24,\"labelFontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=AWS/Lambda metric=Errors statistic=Sum account={{account}} region={{region}} functionname=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6bc131b8aefba843",
+                    "title": "DynamoDB Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":1,\"to\":10,\"color\":\"#b18209\"},{\"from\":10,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"valueFontSize\":24,\"labelFontSize\":16},\"hiddenQueryKeys\":[\"A\",\"B\",\"C\"]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/dynamodb metric=UserErrors Statistic=SampleCount account={{account}} region={{region}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace=aws/dynamodb metric=SystemErrors Statistic=SampleCount account={{account}} region={{region}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "namespace=aws/dynamodb metric=ConditionalCheckFailedRequests Statistic=SampleCount account={{account}} region={{region}} | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        },
+                        {
+                            "queryString": "#A+#B+#C",
+                            "queryType": "Metrics",
+                            "queryKey": "D",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6b1253898d854b40",
+                    "title": "EC2 Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=AWS/EC2 metric=CPU_Total account={{account}} region={{region}} instanceId=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ca3c365b98f73b4e",
+                    "title": "RDS Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/rds metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-81738ecdbf440a42",
+                    "title": "EC2 Average Free Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Free Memory (GB)\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=AWS/EC2 account={{account}} metric=Mem_Free region={{region}} instanceId=* | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-71f8315495fd0b46",
+                    "title": "RDS Average Freeable Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Freeable Memory (GB)\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/rds metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier=* | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C917D1C897F83843",
+                    "title": "API Gateway Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ApiGateway (metric=4XXError or metric=5XXError) statistic=Sum account={{account}} region={{region}} apiname=* | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F361E48F8E269B40",
+                    "title": "ALB Errors",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ApplicationELB (metric=HTTPCode_ELB_4XX_Count or metric=HTTPCode_ELB_5XX_Count) statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-0175F671BCE9DB48",
+                    "title": "Application Load Balancer (ALB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8B2702079B7A8B41",
+                    "title": "API Gateway",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-5713E01F906CE84D",
+                    "title": "EC2",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3597FB879CA88941",
+                    "title": "RDS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6542461980C52B40",
+                    "title": "DynamoDB",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-11DF78EE83723844",
+                    "title": "Lambda",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4C7145EF82FC1947",
+                    "title": "Activity Overview",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-990ED69BA97C3A4D",
+                    "title": "AWS Resource Activity",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "(*Create* or *Delete* or *Terminate* or *Remove* or *Update* or *Modify* or *Change*)  \"\\\"eventSource\\\"\" \"\\\"eventName\\\"\" account={{account}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| parse field=event_source \"*.amazonaws.com\" as aws_service\n| where event_source matches \"*.amazonaws.com\" and region matches \"{{region}}\" and (event_name matches \"*Create*\" or event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\" or event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\")\n| if (event_name matches \"*Create*\", \"Create\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\", \"Delete\", if (event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\", \"Update\", event_name))) as activity\n| count by activity, aws_service\n| transpose row activity column aws_service",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F1128ED3889B6944",
+                    "title": "Incoming Activity Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"map\":{\"layerType\":\"Cluster\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\"\" account={{account}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source matches \"*amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and region matches \"{{region}}\"\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9648BD99ACAD4849",
+                    "title": "Requests By API Name",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{apiname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ApiGateway metric=count Statistic=sum account={{account}} region={{region}} apiname=* | sum by apiname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2489C9AEA5489B4A",
+                    "title": "Requests Served by ALB",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9C29675CB0058942",
+                    "title": "Lambda Invocations",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{functionname}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/lambda metric=Invocations statistic=Sum account={{account}} region={{region}} functionname=* | sum by functionname, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C98E94B8BC492948",
+                    "title": "DynamoDB Requests By Table",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"aggregationType\":\"sum\"},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{tablename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/dynamodb metric=SuccessfulRequestLatency Statistic=SampleCount account={{account}} region={{region}} tablename=* | sum by tablename, namespace, region, account | eval round(_value)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel725CC05C81EA784C",
+                    "title": "ElastiCache",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel86A26767A50B3B4A",
+                    "title": "ECS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F10EDBC587594846",
+                    "title": "ElastiCache Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/elasticache metric=CPUUtilization statistic=Average account={{account}} region={{region}} CacheClusterId=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-87D374AA91098B41",
+                    "title": "ECS Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% CPU Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/ecs metric=CPUUtilization statistic=Average account={{account}} region={{region}} ClusterName=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-20B99A47A408EB4E",
+                    "title": "ECS Average Memory Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"% Memory Usage\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"valueFontSize\":20,\"labelFontSize\":8},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/ecs metric=MemoryUtilization statistic=Average account={{account}} region={{region}} ClusterName=* | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F69D8CACA7C3B940",
+                    "title": "Network Load Balancer (NLB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E6118184874FA945",
+                    "title": "Active Connections by NLB",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/networkelb metric=ActiveFlowCount Statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1D70CFBE83238A4B",
+                    "title": "NLB - Healthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A6FF66ABA4CDCB4B",
+                    "title": "NLB  - Unhealthy Hosts",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Hosts\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"},\"gauge\":{\"show\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1E7F8086B885C943",
+                    "title": "TLS Negotiation Errors by NLB",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/NetworkELB metric=*TLSNegotiationErrorCount statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2AEC3E7192D9D942",
+                    "title": "Elasticache Average Freeable Memory",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Freeable Memory (GB)\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "namespace=aws/elasticache metric=FreeableMemory statistic=average account={{account}} region={{region}} CacheClusterId=* CacheNodeId=* | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4162DCB5A32D094C",
+                    "title": "Classic Load Balancer (ELB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A67B2E20BC271A43",
+                    "title": "Requests Served by ELB",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace=AWS/ELB metric=RequestCount Statistic=Sum account={{account}} region={{region}} loadbalancername=* | sum by loadbalancername, namespace, region, account",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6DFA637C8E2A6B4F",
+                    "title": "ELB Errors",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} Namespace=AWS/ELB (metric=HTTPCode_ELB_4XX or metric=HTTPCode_ELB_5XX) Statistic=Sum region={{region}} loadbalancername=* | sum by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8302BACC9D69C946",
+                    "title": "Application and Classic Load Balancer",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1BE7F7D5A20C7949",
+                    "title": "Active Connections (ALB)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} Namespace=AWS/ApplicationELB metric=ActiveConnectionCount Statistic=Sum region={{region}} loadbalancer=* | sum by account, region, namespace, loadbalancer",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FF1759E1A405494E",
+                    "title": "Classic Load Balancer (ELB) Latency (ms)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "account={{account}} Namespace=AWS/ELB metric=Latency Statistic=Average region={{region}} loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Rce-App.json b/aws-observability-terraform/examples/aws-observability/json/Rce-App.json
new file mode 100644
index 00000000..efdbc828
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Rce-App.json
@@ -0,0 +1,2185 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS Events Of Interest",
+    "description": "Dashboard definitions for events of interest dashboards and panels",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Account Events of Interest",
+            "description": "",
+            "title": "2. AWS Account Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Application Load Balancer - Events of Interest",
+            "description": "",
+            "title": "2. AWS Application Load Balancer - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS DynamoDB - Events of Interest",
+            "description": "",
+            "title": "2. AWS DynamoDB - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "=",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS EC2 Metrics - Events of Interest",
+            "description": "",
+            "title": "2. AWS EC2 Metrics - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Lambda - Events of Interest",
+            "description": "",
+            "title": "2. AWS Lambda - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Network Load Balancer - Events of Interest",
+            "description": "",
+            "title": "2. AWS Network Load Balancer - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. AWS Region Events of Interest",
+            "description": "",
+            "title": "2. AWS Region Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. AWS API Gateway - Events of Interest",
+            "description": "",
+            "title": "3. AWS API Gateway - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon ECS - Entity Events of Interest",
+            "description": "",
+            "title": "3. Amazon ECS - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "clustername": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ecs"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-A8F40975AFE6CA4B",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-A8F40975AFE6CA4B",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ecs",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "clustername",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "clustername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "service",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} clustername={{clustername}}",
+                        "key": "servicename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon ECS - Events of Interest",
+            "description": "",
+            "title": "3. Amazon ECS - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ecs"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-857D055E88454846",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-857D055E88454846",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ecs",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "clustername",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "clustername"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "service",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} clustername={{clustername}}",
+                        "key": "servicename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. AWS API Gateway - Entity Events of Interest",
+            "description": "",
+            "title": "4. AWS API Gateway - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "apiname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/apigateway"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/apigateway",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "apiname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "apiname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. Amazon RDS - Events of Interest",
+            "description": "",
+            "title": "4. Amazon RDS - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. AWS DynamoDB - Entity Events of Interest",
+            "description": "",
+            "title": "5. AWS DynamoDB - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/dynamodb"
+                    ],
+                    "tablename": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/dynamodb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "tablename",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "tablename"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. Amazon ElastiCache - Entity Events of Interest",
+            "description": "",
+            "title": "5. Amazon ElastiCache - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "cacheclusterid": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-A8F40975AFE6CA4B",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-A8F40975AFE6CA4B",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "CacheClusterId"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "CacheNodeId"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. Amazon ElastiCache - Events of Interest",
+            "description": "",
+            "title": "5. Amazon ElastiCache - Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/elasticache"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-857D055E88454846",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-857D055E88454846",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/elasticache",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheClusterId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "CacheClusterId"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "CacheNodeId",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}} CacheClusterId={{CacheClusterId}}",
+                        "key": "CacheNodeId"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6. Amazon RDS - Entity Events of Interest",
+            "description": "",
+            "title": "6. Amazon RDS - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "dbidentifier": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "7. AWS EC2 Metrics - Entity Events of Interest",
+            "description": "",
+            "title": "7. AWS EC2 Metrics - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "7. AWS Lambda - Entity Events of Interest",
+            "description": "",
+            "title": "7. AWS Lambda - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "functionname": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/lambda"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/lambda",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "functionname",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "functionname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "7. AWS Network Load Balancer - Entity Events of Interest",
+            "description": "",
+            "title": "7. AWS Network Load Balancer - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/networkelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ],
+                    "networkloadbalancer": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/networkelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "networkloadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "networkloadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "availabilityzone",
+                    "displayName": "availabilityzone",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "availabilityzone"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "8. AWS Application Load Balancer - Entity Events of Interest",
+            "description": "",
+            "title": "8. AWS Application Load Balancer - Entity Events of Interest",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "loadbalancer": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/applicationelb"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1h"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-755772EE99E55B40",
+                        "structure": "{\"height\":13,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-755772EE99E55B40",
+                    "title": "Events of Interest: Drift and Duration by Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"EventsOfInterestScatterPanel\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "EventsOfInterestScatterPanel"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/applicationelb",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "loadbalancer",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "loadbalancer"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Rds-App.json b/aws-observability-terraform/examples/aws-observability/json/Rds-App.json
new file mode 100644
index 00000000..cfcf9879
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Rds-App.json
@@ -0,0 +1,4673 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "Amazon RDS",
+    "description": "The Sumo Logic App for Amazon RDS provides visibility into your Amazon Relational Database Service (RDS) Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your RDS system's overview, CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon RDS - Overview",
+            "description": "The Amazon RDS Overview dashboard provides insights into RDS resource statistics and utilization throughout your infrastructure, including CPU, memory, latency, storage, and network throughput.",
+            "title": "1. Amazon RDS - Overview",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "_sumo_domain_name": [
+                        "aws"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-4249b61cb6e8fa47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-46a720e39003884a",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":33}"
+                    },
+                    {
+                        "key": "panelpane-40e7d821a935684a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelpane-25c1168ebcaafb4d",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-c16c7d27adcd1b45",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-c7b2b0dbba2e4b46",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-9b2d25eaa1db9845",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-188b131cb1372b44",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-f111287faf32ca42",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-89fc811ab849da4f",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":15}"
+                    },
+                    {
+                        "key": "panelpane-dad8b840bf488947",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-33d3a97b8753594f",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-906dd2db98e0bb4c",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-fff436e982ec884e",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-e17015018151084a",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-d3b2d8e68fa01a46",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-df1889bc92c61b49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":40}"
+                    },
+                    {
+                        "key": "panelpane-6e09f228a5fa6b4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":40}"
+                    },
+                    {
+                        "key": "panelpane-ab8b759c89e43945",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":52}"
+                    },
+                    {
+                        "key": "panelpane-049268f8aee44948",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":34}"
+                    },
+                    {
+                        "key": "panelpane-d11fc902a4d24a4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":52}"
+                    },
+                    {
+                        "key": "panelpane-0ff07ba891988a45",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":46}"
+                    },
+                    {
+                        "key": "panelpane-e316b009aa112845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":46}"
+                    },
+                    {
+                        "key": "panelpane-878b2956b5909944",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-d7f5d0349d12484e",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-4b33a91dbdca6b47",
+                        "structure": "{\"height\":8,\"width\":12,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panelpane-508fb785bf307a46",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-BC3D8BDE8EF57A47",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-F6BAC46F84480B42",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-F768F8C3A4E31B47",
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":58}"
+                    },
+                    {
+                        "key": "panelPANE-7F38B7AE9E306B4F",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":61}"
+                    },
+                    {
+                        "key": "panelPANE-CDEEA98780783948",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":61}"
+                    },
+                    {
+                        "key": "panelPANE-4BD7B6EEA836A941",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":61}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-4249b61cb6e8fa47",
+                    "title": "Avg CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"%\",\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}}  dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-46a720e39003884a",
+                    "title": "Resource Utilization",
+                    "visualSettings": "{\"text\":{\"fontSize\":18,\"alignment\":\"left\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-40e7d821a935684a",
+                    "title": "CPU Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"%\"}},\"legend\":{\"enabled\":true},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-25c1168ebcaafb4d",
+                    "title": "Database Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"label\":\"Connections In use\",\"thresholds\":[{\"from\":null,\"to\":11,\"color\":\"#527b01\"},{\"from\":11,\"to\":21,\"color\":\"#b18209\"},{\"from\":21,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":10,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c16c7d27adcd1b45",
+                    "title": "Disk Queue Depth",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"label\":\"Queue Length\",\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#527b01\"},{\"from\":2,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"labelFontSize\":10,\"noDataString\":\"0\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DiskQueueDepth statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c7b2b0dbba2e4b46",
+                    "title": "Avg Free Memory",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"GB\",\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"rounding\":2,\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9b2d25eaa1db9845",
+                    "title": "Read IOPS",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Operations/Second\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-188b131cb1372b44",
+                    "title": "Write IOPS",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Operations/Second\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f111287faf32ca42",
+                    "title": "Read Latency",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Seconds\",\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#527b01\"},{\"from\":2,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":10,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-89fc811ab849da4f",
+                    "title": "Write Latency",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Seconds\",\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#527b01\"},{\"from\":2,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-dad8b840bf488947",
+                    "title": "Read Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"labelFontSize\":10,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33d3a97b8753594f",
+                    "title": "Write Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-906dd2db98e0bb4c",
+                    "title": "Network Receive Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"labelFontSize\":10,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fff436e982ec884e",
+                    "title": "Network Transmit Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"labelFontSize\":10,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e17015018151084a",
+                    "title": "Resource Stats",
+                    "visualSettings": "{\"text\":{\"alignment\":\"left\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d3b2d8e68fa01a46",
+                    "title": "Average Free Memory (GB)",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[],\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#75bf00\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#f6c851\"},{\"from\":0,\"to\":2.1,\"color\":\"#f36644\"}]},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / (1024 * 1024 * 1024) | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-df1889bc92c61b49",
+                    "title": "Network Receive Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6e09f228a5fa6b4f",
+                    "title": "Network Transmit Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ab8b759c89e43945",
+                    "title": "Connections Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Number of Connections\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-049268f8aee44948",
+                    "title": "Average Free Memory (GB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"GB\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d11fc902a4d24a4d",
+                    "title": "Free Storage Space Over Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"GB\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}],\"invisibleSeriesIds\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeStorageSpace statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0ff07ba891988a45",
+                    "title": "Read IOPS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"IOPS\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e316b009aa112845",
+                    "title": "Write IOPS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"IOPS\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-878b2956b5909944",
+                    "title": "Engines Used",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"fillOpacity\":1,\"innerRadius\":30,\"maxNumOfSlices\":10,\"startAngle\":0,\"fontSize\":12,\"paginationPageSize\":100},\"xy\":{\"xDimension\":[],\"yDimension\":[],\"zDimension\":[]},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{EngineName}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} enginename=* | sum by EngineName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d7f5d0349d12484e",
+                    "title": "Database Classes Used",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"fillOpacity\":1,\"innerRadius\":30,\"maxNumOfSlices\":10,\"startAngle\":0,\"fontSize\":12,\"paginationPageSize\":100,\"aggregationType\":\"avg\",\"displayType\":\"default\"},\"xy\":{\"xDimension\":[],\"yDimension\":[],\"zDimension\":[]},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{databaseclass}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections region={{region}} account={{account}} databaseclass=* statistic=average | avg by databaseclass, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4b33a91dbdca6b47",
+                    "title": "Database Cluster Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\",\"decimals\":2},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"DB_Connections\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by account, region, dbidentifier",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-508fb785bf307a46",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":30,\"color\":\"#75bf00\"},{\"from\":30,\"to\":60,\"color\":\"#f6c851\"},{\"from\":60,\"to\":101,\"color\":\"#f36644\"}],\"groupBy\":[]}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=Average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BC3D8BDE8EF57A47",
+                    "title": "Disk Queue Depth",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#75bf00\"},{\"from\":2,\"to\":5,\"color\":\"#f6c851\"},{\"from\":5,\"to\":null,\"color\":\"#f36644\"}],\"groupBy\":[]}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DiskQueueDepth statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F6BAC46F84480B42",
+                    "title": "Database Connections In Use",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[]}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F768F8C3A4E31B47",
+                    "title": "RDS Performance Insights",
+                    "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "   - __DBLoad__: The number of active sessions for the DB engine. Typically, you want the data for the average number of active sessions. In Performance Insights, this data is queried as db.load.avg.\n\n   - __DBLoadCPU__: The number of active sessions where the wait event type is CPU. In Performance Insights, this data is queried as db.load.avg, filtered by the wait event type CPU.\n\n   - __DBLoadNonCPU__: The number of active sessions where the wait event type is not CPU."
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-7F38B7AE9E306B4F",
+                    "title": "Relative DB Load",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[]}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoad statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CDEEA98780783948",
+                    "title": "Relative  DB Load CPU",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[]}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoadCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4BD7B6EEA836A941",
+                    "title": "Relative DB Load Non CPU",
+                    "visualSettings": "{\"general\":{\"type\":\"honeyComb\"},\"honeyComb\":{\"groupBy\":[]}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoadNonCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon RDS - Overview By Database Instance",
+            "description": "The Amazon RDS Overview By Database Instance dashboard provides insights into resource statistics and utilization per database instance throughout your infrastructure. Panels display data for CPU, memory, latency, storage, and network throughput per database instance.",
+            "title": "1. Amazon RDS - Overview By Database Instance",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "dbidentifier": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-4249b61cb6e8fa47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-46a720e39003884a",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelpane-40e7d821a935684a",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panelpane-25c1168ebcaafb4d",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-c16c7d27adcd1b45",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-c7b2b0dbba2e4b46",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-819aa9e99cec6843",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-62e15a4a9a790b40",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-9b2d25eaa1db9845",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-188b131cb1372b44",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-f111287faf32ca42",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-89fc811ab849da4f",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-dad8b840bf488947",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-33d3a97b8753594f",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-906dd2db98e0bb4c",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-fff436e982ec884e",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-bc5d63a4b5091947",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":11}"
+                    },
+                    {
+                        "key": "panelpane-5b22c23f9876984a",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-d7b4a059acb14a47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-e17015018151084a",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-df1889bc92c61b49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelpane-6e09f228a5fa6b4f",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":28}"
+                    },
+                    {
+                        "key": "panelpane-ab8b759c89e43945",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":40}"
+                    },
+                    {
+                        "key": "panelpane-049268f8aee44948",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
+                    },
+                    {
+                        "key": "panelpane-d11fc902a4d24a4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":40}"
+                    },
+                    {
+                        "key": "panelpane-0ff07ba891988a45",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelpane-e316b009aa112845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":34}"
+                    },
+                    {
+                        "key": "panelpane-d39432b9a27b684c",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-9f1acb56b7178844",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-165cb00db08b1a41",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-23e24294809c884c",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-24a914cf8d51ea47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-68f9b87e8443ba46",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":16}"
+                    },
+                    {
+                        "key": "panelpane-8bf347c6819b4b4b",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":16}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-4249b61cb6e8fa47",
+                    "title": "Avg CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"%\",\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-46a720e39003884a",
+                    "title": "Resource Utilization",
+                    "visualSettings": "{\"text\":{\"fontSize\":18,\"alignment\":\"left\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-40e7d821a935684a",
+                    "title": "CPU Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"%\"}},\"legend\":{\"enabled\":true},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-25c1168ebcaafb4d",
+                    "title": "Database Connections",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"label\":\"Connections In use\",\"thresholds\":[{\"from\":null,\"to\":11,\"color\":\"#527b01\"},{\"from\":11,\"to\":21,\"color\":\"#b18209\"},{\"from\":21,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c16c7d27adcd1b45",
+                    "title": "Disk Queue Depth",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"label\":\"Queue Length\",\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#527b01\"},{\"from\":2,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DiskQueueDepth statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c7b2b0dbba2e4b46",
+                    "title": "Avg Free Memory (GB)",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"GB\",\"thresholds\":[{\"from\":4.1,\"to\":null,\"color\":\"#527b01\"},{\"from\":2.1,\"to\":4.1,\"color\":\"#b18209\"},{\"from\":null,\"to\":2.1,\"color\":\"#b63010\"}],\"rounding\":2,\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-819aa9e99cec6843",
+                    "title": "Bin Log Disk Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"rounding\":2,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BinLogDiskUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-62e15a4a9a790b40",
+                    "title": "Avg Free Storage Space",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"GB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"rounding\":2,\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeStorageSpace statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9b2d25eaa1db9845",
+                    "title": "Read IOPS",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Operations/Second.\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-188b131cb1372b44",
+                    "title": "Write IOPS",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Operations/Second\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f111287faf32ca42",
+                    "title": "Read Latency",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Seconds\",\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#527b01\"},{\"from\":2,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-89fc811ab849da4f",
+                    "title": "Write Latency",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Seconds\",\"thresholds\":[{\"from\":null,\"to\":2,\"color\":\"#527b01\"},{\"from\":2,\"to\":5,\"color\":\"#b18209\"},{\"from\":5,\"to\":null,\"color\":\"#b63010\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-dad8b840bf488947",
+                    "title": "Read Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"labelFontSize\":10,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-33d3a97b8753594f",
+                    "title": "Write Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Seconds\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-906dd2db98e0bb4c",
+                    "title": "Network Receive Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"labelFontSize\":10,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-fff436e982ec884e",
+                    "title": "Network Transmit Throughput",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"KB/Second\",\"labelFontSize\":10,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-bc5d63a4b5091947",
+                    "title": "Swap Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"MB\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=SwapUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1048576 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5b22c23f9876984a",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"vCPU-minutes\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUCreditUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "(T2 instances) The number of CPU credits spent by the instance for CPU utilization.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d7b4a059acb14a47",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"vCPU-minutes\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10,\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CPUCreditBalance statistic=average account={{account}} region={{region}}  dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "\t(T2 instances) The number of earned CPU credits that an instance has accrued since it was launched or started. For T2 Standard, the CPUCreditBalance also includes the number of launch credits that have been accrued.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e17015018151084a",
+                    "title": "Resource Stats",
+                    "visualSettings": "{\"text\":{\"alignment\":\"left\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-df1889bc92c61b49",
+                    "title": "Network Receive Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6e09f228a5fa6b4f",
+                    "title": "Network Transmit Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ab8b759c89e43945",
+                    "title": "Database Connections In Use",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Number of Connections\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-049268f8aee44948",
+                    "title": "Free Memory (GB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"GB\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d11fc902a4d24a4d",
+                    "title": "Free Storage Space",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"GB\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeStorageSpace statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0ff07ba891988a45",
+                    "title": "Read IOPS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"IOPS\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e316b009aa112845",
+                    "title": "Write IOPS",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"IOPS\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d39432b9a27b684c",
+                    "title": "Burst Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"%\",\"labelFontSize\":10,\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"option\":\"Latest\",\"gauge\":{\"show\":true},\"sparkline\":{\"show\":true,\"color\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BurstBalance statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "\t\nThe percent of General Purpose SSD (gp2) burst-bucket I/O credits available",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9f1acb56b7178844",
+                    "title": "Max Used Transaction IDs",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Maximum\",\"label\":\"Count\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"rounding\":0,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=MaximumUsedTransactionIDs statistic=maximum account={{account}} region={{region}} dbidentifier={{dbidentifier}} | max",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-165cb00db08b1a41",
+                    "title": "Transaction Logs Disk Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"GB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=TransactionLogsDiskUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} |  eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-23e24294809c884c",
+                    "title": "Transaction Logs Generation",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"KB/Second\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=TransactionLogsGeneration statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-24a914cf8d51ea47",
+                    "title": "Oldest Replication Slot Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"MB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=OldestReplicationSlotLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-68f9b87e8443ba46",
+                    "title": "Replication Slot Disk Usage",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"MB\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReplicationSlotDiskUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-8bf347c6819b4b4b",
+                    "title": "Replica Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Seconds\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"rounding\":2,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false},\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon RDS - CloudTrail Audit Events",
+            "description": "The Amazon RDS CloudTrail Audit Events dashboard provides insights into audit events of your database clusters.",
+            "title": "2. Amazon RDS - CloudTrail Audit Events",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-A04288C2A237EB46",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-71AA09498BB6D946",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-F8BE33E491B91848",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelPANE-30579457B90CCB42",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":9}"
+                    },
+                    {
+                        "key": "panelPANE-4834DC7D8AEF7B47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panelPANE-BD86AC76BB36F84D",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-E63F0315B9D45A42",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-750E1A6CA27EEB4D",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelPANE-1F55A2608352DA48",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":21}"
+                    },
+                    {
+                        "key": "panelPANE-CC660D25B034AA44",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-469F20CF9413EA4E",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":6,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-B0B0F243BB40184F",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":15,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-AD8F9E7BB14C484D",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":10,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-F529A82EA659C844",
+                        "structure": "{\"height\":9,\"width\":24,\"x\":0,\"y\":33}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-A04288C2A237EB46",
+                    "title": "Location of Successful Events ",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"map\":{\"layerType\":\"Cluster\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-71AA09498BB6D946",
+                    "title": "Location of Failure Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"map\":{\"layerType\":\"Cluster\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F8BE33E491B91848",
+                    "title": "Event Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"pie\"}},{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"pie\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by eventStatus\n| sort by _count, eventStatus asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-30579457B90CCB42",
+                    "title": "Top Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count as Frequency by errorCode \n| top 10 errorCode by Frequency, errorCode asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4834DC7D8AEF7B47",
+                    "title": "Event Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#f36644\",\"type\":\"column\"}},{\"series\":[\"Success\"],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"color\":\"#75bf00\",\"type\":\"column\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 15m\n| count by _timeslice, eventStatus\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-BD86AC76BB36F84D",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E63F0315B9D45A42",
+                    "title": "Failed Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 1s\n| count as Frequency by _timeslice, event_name, errorCode, errorMessage, src_ip, user, type, requestID, user_agent, Region, accountId, dBClusterIdentifier, dBInstanceIdentifier\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-750E1A6CA27EEB4D",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| where eventStatus=\"Success\"\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1F55A2608352DA48",
+                    "title": "Successful Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| where eventStatus = \"Success\"\n| timeslice 1s\n| count as Frequency by _timeslice, event_name, src_ip, user, type, requestId, user_agent, Region, accountId, dBClusterIdentifier, dBInstanceIdentifier\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CC660D25B034AA44",
+                    "title": "Top Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by type, user\n| topk(10, Frequency) by type | fields -_rank",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-469F20CF9413EA4E",
+                    "title": "Most Active Engine",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" engine account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json \"requestParameters.engine\", \"responseElements.engine\" as engine1, engine2 nodrop\n| if (!isEmpty(engine1), engine1, engine2) as engine\n| where !isEmpty(engine)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by engine\n| sort by Frequency, engine asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B0B0F243BB40184F",
+                    "title": "Events Trend by Event Name",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| timeslice 15m\n| count as Frequency by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-AD8F9E7BB14C484D",
+                    "title": "Events by User",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#98ECA9\"},{\"from\":null,\"to\":null,\"color\":\"#F2DA73\"},{\"from\":null,\"to\":null,\"color\":\"#FFB5B5\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"hiddenQueryKeys\":[],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by user, event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F529A82EA659C844",
+                    "title": "Database Events from Known Malicious IP Addresses",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon RDS - Performance Insights",
+            "description": "The Amazon RDS Performance Insights dashboard provides intuitive performance data from throughout your RDS infrastructure across CPU load, non CPU load, active sessions, and performance trends.",
+            "title": "2. Amazon RDS - Performance Insights",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "dbidentifier": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-c9f5a361a49c3a4a",
+                        "structure": "{\"height\":4,\"width\":8,\"x\":0,\"y\":4}"
+                    },
+                    {
+                        "key": "panelpane-91d7cba085e2ab4a",
+                        "structure": "{\"height\":4,\"width\":8,\"x\":8,\"y\":4}"
+                    },
+                    {
+                        "key": "panelpane-0aeca248b59a9a43",
+                        "structure": "{\"height\":4,\"width\":8,\"x\":16,\"y\":4}"
+                    },
+                    {
+                        "key": "panelpane-9a779317b2bb494b",
+                        "structure": "{\"height\":4,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-7fb660d7a48f4948",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-6e8aa3d39e29bb4a",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-b8d3c475a9c06b4f",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":8}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-c9f5a361a49c3a4a",
+                    "title": "DB Load",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Active Session Count\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoad statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-91d7cba085e2ab4a",
+                    "title": "DB Load CPU",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Active Session Count\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoadCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0aeca248b59a9a43",
+                    "title": "DB Load Non CPU",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"label\":\"Active Session Count\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":10}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoadNonCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9a779317b2bb494b",
+                    "title": "RDS Performance Insights",
+                    "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "   - __DBLoad__: The number of active sessions for the DB engine. Typically, you want the data for the average number of active sessions. In Performance Insights, this data is queried as db.load.avg.\n\n   - __DBLoadCPU__: The number of active sessions where the wait event type is CPU. In Performance Insights, this data is queried as db.load.avg, filtered by the wait event type CPU.\n\n   - __DBLoadNonCPU__: The number of active sessions where the wait event type is not CPU.\n   \nTo enable Performance Insight on database instance read AWS document at https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Enabling.html"
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7fb660d7a48f4948",
+                    "title": "DB Load",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Active Session Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoad statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6e8aa3d39e29bb4a",
+                    "title": "DB Load CPU",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Active Session Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoadCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b8d3c475a9c06b4f",
+                    "title": "DB Load Non CPU",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"5\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Active Session Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DBLoadNonCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon RDS - Aurora Generic",
+            "description": "The Amazon RDS Aurora Generic dashboard provides generic AWS Aurora performance statistics across your infrastructure for uptime, replica lag, latency, network throughput, volume, and storage.",
+            "title": "3. Amazon RDS - Aurora Generic",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "dbidentifier": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-863e806b833b7948",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-cc0db7739c9ff945",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-ac000a2a8114584a",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-c492a7ae968a4843",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-f4839d6caede284b",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-eb70679d91c6c84e",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-528ead76937c0844",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-b01f015e9a044947",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-173df1c08ab79947",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-8e2c051ea4133b49",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-e86c8b1ab7ee7b4d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-648303fe9bbc0949",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-a96b33e1abf59940",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":36}"
+                    },
+                    {
+                        "key": "panelpane-8525e66b8d7f0b46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-68cc8b318181684c",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-c138d30d97dc1944",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-1955E9F893A93947",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-6930432F98A16844",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-863e806b833b7948",
+                    "title": "Aurora Replica Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-cc0db7739c9ff945",
+                    "title": "Aurora Replica Lag Maximum",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraReplicaLagMaximum statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ac000a2a8114584a",
+                    "title": "Aurora Replica Lag Minimum",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraReplicaLagMinimum statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c492a7ae968a4843",
+                    "title": "Free Local Storage",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"GB\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=FreeLocalStorage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / (1024 * 1024 * 1024) | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f4839d6caede284b",
+                    "title": "Network Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=NetworkThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-eb70679d91c6c84e",
+                    "title": "Buffer Cache Hit Ratio",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"%\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BufferCacheHitRatio statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-528ead76937c0844",
+                    "title": "Deadlocks",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Deadlock Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Deadlocks statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b01f015e9a044947",
+                    "title": "Commit Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CommitLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-173df1c08ab79947",
+                    "title": "Commit Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Operations / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=CommitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-8e2c051ea4133b49",
+                    "title": "Volume Bytes Used",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"MB\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=VolumeBytesUsed statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / (1024*1024) | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e86c8b1ab7ee7b4d",
+                    "title": "Volume Read IOPs",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"Number of Billed Read I/O Operations\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=VolumeReadIOPs statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-648303fe9bbc0949",
+                    "title": "Volume Write IOPs",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"Number of Write Disk I/O Operations\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=VolumeWriteIOPs statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-a96b33e1abf59940",
+                    "title": "Backup Retention Period Storage Used",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"Gibibytes (GiB)\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BackupRetentionPeriodStorageUsed statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-8525e66b8d7f0b46",
+                    "title": "Snapshot Storage Used",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"Gibibytes (GiB)\",\"labelFontSize\":12}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=SnapshotStorageUsed statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-68cc8b318181684c",
+                    "title": "Total Backup Storage Billed by Engine",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"Gibibytes (GiB)\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{enginename}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=TotalBackupStorageBilled statistic=average account={{account}} region={{region}} EngineName=* | avg by account, region, namespace, EngineName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c138d30d97dc1944",
+                    "title": "RDS To Aurora PostgreSQL Replica Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"axes\":{\"axisY\":{\"title\":\"Seconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=RDSToAuroraPostgreSQLReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1955E9F893A93947",
+                    "title": "Buffer Cache Hit Ratio",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Hit Ratio\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":50,\"color\":\"#f36644\"},{\"from\":50,\"to\":80,\"color\":\"#f6c851\"},{\"from\":80,\"to\":null,\"color\":\"#75bf00\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BufferCacheHitRatio statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6930432F98A16844",
+                    "title": "Engine Up Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"svp\":{\"option\":\"Average\",\"label\":\"Days\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=EngineUptime statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg | eval (_value / (3600 * 24))",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon RDS - Non-Describe CloudTrail Audit Events",
+            "description": "The Amazon RDS Non-Describe CloudTrail Audit Events dashboard provides statistical and detailed insights into Non-Describe DB Instance, SnapShot, Cluster, Security group events.",
+            "title": "3. Amazon RDS - Non-Describe CloudTrail Audit Events",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-6F1BBCF58FBA1B46",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-CA7923E58BBB9B4E",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-D414E7689615EA49",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":1}"
+                    },
+                    {
+                        "key": "panelPANE-22D39E5D9E0A8B4B",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-EBB48E3C8CC5C947",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-E8F74BED8B385A4B",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-1CF0A9E9AC47594E",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-9BD4B0B38C32EB4C",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-F8992B89BA343945",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelPANE-2A2480C0BF268A4F",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":21}"
+                    },
+                    {
+                        "key": "panelPANE-CAB81959BB8A2B4C",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelPANE-A9CDC7B5A58E9849",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":28}"
+                    },
+                    {
+                        "key": "panelPANE-14271FE9A2992B40",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":13}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-6F1BBCF58FBA1B46",
+                    "title": "Non-Describe DB Instance Events ",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CA7923E58BBB9B4E",
+                    "title": "DB Instance Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBInstance* !Describe*DBInstance* !StartDBInstance !StopDBInstance !RebootDBInstance account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBInstance*\" and !(event_name matches \"Describe*DBInstance*\") and !(event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\"))\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop  \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-D414E7689615EA49",
+                    "title": "DB Instance Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBInstance* !Describe*DBInstance* !StartDBInstance !StopDBInstance !RebootDBInstance account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBInstance*\" and !(event_name matches \"Describe*DBInstance*\") and !(event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\"))\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBInstanceIdentifier, user, Region, src_ip, eventStatus, dBInstanceClass, engine, dbName, dBSnapshotIdentifier, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-22D39E5D9E0A8B4B",
+                    "title": "Start, Stop, Reboot DB Instance Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" (StartDBInstance or StopDBInstance or RebootDBInstance) account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBInstanceIdentifier, user, Region, src_ip, eventStatus, dBInstanceClass, engine, dbName, dBSnapshotIdentifier, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EBB48E3C8CC5C947",
+                    "title": "DB Snapshot Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DB*Snapshot* !Describe*DB*Snapshot* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip  nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DB*Snapshot*\" and !(event_name matches \"Describe*DB*Snapshot*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier1 nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2, dBSnapshotIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier | concat (dBSnapshotIdentifier1, dBSnapshotIdentifier2) as dBSnapshotIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (!isEmpty(dBSnapshotIdentifier1), dBSnapshotIdentifier1, dBSnapshotIdentifier) as dBSnapshotIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E8F74BED8B385A4B",
+                    "title": "DB Snapshot Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DB*Snapshot* !Describe*DB*Snapshot* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DB*Snapshot*\" and !(event_name matches \"Describe*DB*Snapshot*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier1 nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2, dBSnapshotIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier | concat (dBSnapshotIdentifier1, dBSnapshotIdentifier2) as dBSnapshotIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (!isEmpty(dBSnapshotIdentifier1), dBSnapshotIdentifier1, dBSnapshotIdentifier) as dBSnapshotIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBSnapshotIdentifier, user, Region, src_ip, eventStatus, dBInstanceIdentifier, engine, dBInstanceClass, dbName, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1CF0A9E9AC47594E",
+                    "title": "Non-Describe DB Cluster Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-9BD4B0B38C32EB4C",
+                    "title": "Non-Describe DB Security Group Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F8992B89BA343945",
+                    "title": "DB Cluster Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBCluster !Describe*DBCluster* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBCluster\" and !(event_name matches \"Describe*DBCluster*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-2A2480C0BF268A4F",
+                    "title": "DB Cluster Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBCluster !Describe*DBCluster* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBCluster\" and !(event_name matches \"Describe*DBCluster*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBClusterIdentifier, user, Region, src_ip, eventStatus, engine, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CAB81959BB8A2B4C",
+                    "title": "DB Security Group Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBSecurityGroup* !DescribeDBSecurityGroups account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBSecurityGroup*\" and event_name<>\"DescribeDBSecurityGroups\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\", \"dBSecurityGroupName\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier, dBSecurityGroupName  nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A9CDC7B5A58E9849",
+                    "title": "DB Security Group Event Details",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBSecurityGroup* !DescribeDBSecurityGroups account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBSecurityGroup*\" and event_name<>\"DescribeDBSecurityGroups\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\", \"dBSecurityGroupName\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier, dBSecurityGroupName  nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBSecurityGroupName, type, user, Region, src_ip, eventStatus, errorCode, errorMessage, engine, dBInstanceIdentifier, dBClusterIdentifier, dBInstanceClass, dbName\n| sort by eventTime | limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-14271FE9A2992B40",
+                    "title": "Non-Describe DB Snapshot Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. Amazon RDS - Aurora MySQL",
+            "description": "The Amazon RDS Aurora MySQL dashboard provides intuitive Aurora MySQL performance data from across your infrastructure for latency, throughput, active and blocked transactions, queries, login failures, and replica lag.",
+            "title": "4. Amazon RDS - Aurora MySQL",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "dbidentifier": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-4d1721cf8a106944",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-1617ebb3b18df944",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-0034b33d96ee5a49",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-d554054b8f056b42",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-f4ece00d90a1794b",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-92e5f3b5a2d4db40",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-7b0f05369c3fcb44",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-e53f4447b8bab94d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-b49637f3afa2084c",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-c01f5f9eac0f3a43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-ad39bfc58d5e0947",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-19b0174e9bdb9949",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":30}"
+                    },
+                    {
+                        "key": "panelpane-5c58046da1e6694a",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":18}"
+                    },
+                    {
+                        "key": "panelpane-2f1abc5ebf907a4d",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":24}"
+                    },
+                    {
+                        "key": "panelpane-82733dab9e683b4a",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panelpane-4817ee4eba34b940",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panelpane-4c3d5946a9d6984c",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-bd401cb7bbb51b45",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":30}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-4d1721cf8a106944",
+                    "title": "Select Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=SelectLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-1617ebb3b18df944",
+                    "title": "Select Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=SelectThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-0034b33d96ee5a49",
+                    "title": "Update Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=UpdateLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-d554054b8f056b42",
+                    "title": "Update Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=UpdateThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-f4ece00d90a1794b",
+                    "title": "Insert Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=InsertLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-92e5f3b5a2d4db40",
+                    "title": "Insert Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=InsertThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-7b0f05369c3fcb44",
+                    "title": "Delete Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DeleteLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e53f4447b8bab94d",
+                    "title": "Delete Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DeleteThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-b49637f3afa2084c",
+                    "title": "DDL Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DDLLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-c01f5f9eac0f3a43",
+                    "title": "DDL Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DDLThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-ad39bfc58d5e0947",
+                    "title": "DML Latency",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DMLLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-19b0174e9bdb9949",
+                    "title": "DML Throughput",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=DMLThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5c58046da1e6694a",
+                    "title": "Active Transactions",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Transaction / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ActiveTransactions statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-2f1abc5ebf907a4d",
+                    "title": "Blocked Transactions",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Transaction / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BlockedTransactions statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-82733dab9e683b4a",
+                    "title": "Login Failures",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Attempts / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=LoginFailures statistic=SampleCount account={{account}} region={{region}} dbidentifier={{dbidentifier}} | sum by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4817ee4eba34b940",
+                    "title": "Queries",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Queries / Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=Queries statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4c3d5946a9d6984c",
+                    "title": "ResultSet Cache Hit Ratio",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"%\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=ResultSetCacheHitRatio statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-bd401cb7bbb51b45",
+                    "title": "Aurora Binlog Replica Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Second\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraBinlogReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5. Amazon RDS - Aurora MySQL Global Database and Backtrack Activity",
+            "description": "The Amazon RDS Aurora MySQL Global Database and BackTrack Activity dashboard provides insights into Aurora MySQL performance data from across your infrastructure for Global Database activity and Backtrack activity.",
+            "title": "5. Amazon RDS - Aurora MySQL Global Database and Backtrack Activity",
+            "rootPanel": null,
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/rds"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "dbidentifier": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-331d9c2a81957b4b",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-6446545c95420a4d",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-1e3a0fa4aa84284e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-5b2a1d2284414a44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelpane-e1aabad296a0994e",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panelpane-493b25018f2cfb4f",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelpane-4d5a606b8876ab43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-9e65dd14af01ea46",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":1}"
+                    },
+                    {
+                        "key": "panelpane-97341b52b67a784b",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":1}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-331d9c2a81957b4b",
+                    "title": "Backtrack Change Records Creation Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Backtrack Change Record Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BacktrackChangeRecordsCreationRate statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The number of backtrack change records created over five minutes for your DB cluster.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-6446545c95420a4d",
+                    "title": "Backtrack Change Records Stored",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Backtrack Change Records Used\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BacktrackChangeRecordsStored statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The actual number of backtrack change records used by your DB cluster.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-1e3a0fa4aa84284e",
+                    "title": "Backtrack Window Actual",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Target Vs Actual Backtrack Delta\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BacktrackWindowActual statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The difference between the target backtrack window and the actual backtrack window.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-5b2a1d2284414a44",
+                    "title": "Backtrack Window Alert",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Number of Alerts\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=BacktrackWindowAlert statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "The number of times that the actual backtrack window is smaller than the target backtrack window for a given period of time.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-e1aabad296a0994e",
+                    "title": "BackTrack Activity",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-493b25018f2cfb4f",
+                    "title": "MySQL Global Database Activity",
+                    "visualSettings": "{\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"title\":{\"fontSize\":\"20\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-4d5a606b8876ab43",
+                    "title": "Aurora Global DB Replicated Write IO",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraGlobalDBReplicatedWriteIO statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "In an Aurora Global Database, the number of write I/O operations replicated from the primary AWS Region to the cluster volume in a secondary AWS Region. The billing calculations for the secondary AWS Regions in a global database use VolumeWriteIOPS to account for writes performed within the cluster. The billing calculations for the primary AWS Region in a global database use VolumeWriteIOPS to account for the write activity within that cluster, and AuroraGlobalDBReplicatedWriteIO to account for cross-region replication within the global database.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-9e65dd14af01ea46",
+                    "title": "Aurora Global DB Data Transfer Bytes",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraGlobalDBDataTransferBytes statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "In an Aurora Global Database, the amount of redo log data transferred from the master AWS Region to a secondary AWS Region.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelpane-97341b52b67a784b",
+                    "title": "Aurora Global DB Replication Lag",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Milliseconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{dbidentifier}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "queryString": "Namespace={{namespace}} metric=AuroraGlobalDBReplicationLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message"
+                        }
+                    ],
+                    "description": "For an Aurora Global Database, the amount of lag when replicating updates from the primary AWS Region, in milliseconds.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": null,
+                    "defaultValue": "aws/rds",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}}",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                },
+                {
+                    "id": null,
+                    "name": "dbidentifier",
+                    "displayName": null,
+                    "defaultValue": null,
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "dbidentifier"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Test-Alerts.json b/aws-observability-terraform/examples/aws-observability/json/Test-Alerts.json
new file mode 100644
index 00000000..a73b391b
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Test-Alerts.json
@@ -0,0 +1,77 @@
+{
+  "name": "TestMonitor",
+  "description": "",
+  "type": "MonitorsLibraryFolderExport",
+  "children": [
+    {
+      "name": "TestMonitor",
+      "description": "This is a test monitor.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "_sourceCategory=abc"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "timeRange": "-5m",
+          "triggerType": "Critical",
+          "threshold": 0,
+          "thresholdType": "GreaterThanOrEqual",
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "timeRange": "-5m",
+          "triggerType": "ResolvedCritical",
+          "threshold": 0,
+          "thresholdType": "LessThan",
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true
+    },
+    {
+      "name": "TestMetricMonitor",
+      "description": "This is a test metric monitor",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "metric=4XXError _sourcecategory=abc"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "timeRange": "-5m",
+          "triggerType": "Critical",
+          "threshold": 0,
+          "thresholdType": "GreaterThanOrEqual",
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "timeRange": "-5m",
+          "triggerType": "ResolvedCritical",
+          "threshold": 0,
+          "thresholdType": "LessThan",
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true
+    }
+  ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/go.mod b/aws-observability-terraform/go.mod
new file mode 100644
index 00000000..080471a6
--- /dev/null
+++ b/aws-observability-terraform/go.mod
@@ -0,0 +1,86 @@
+module github.com/SumoLogic/sumologic-solution-templates/aws-observability-terraform
+
+go 1.18
+
+require github.com/gruntwork-io/terratest v0.40.7
+
+require (
+	cloud.google.com/go v0.83.0 // indirect
+	cloud.google.com/go/storage v1.10.0 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/aws/aws-sdk-go v1.40.56 // indirect
+	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect
+	github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect
+	github.com/go-logr/logr v0.2.0 // indirect
+	github.com/go-sql-driver/mysql v1.4.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.3 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.2.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.0.5 // indirect
+	github.com/googleapis/gnostic v0.4.1 // indirect
+	github.com/gruntwork-io/go-commons v0.8.0 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-getter v1.5.9 // indirect
+	github.com/hashicorp/go-multierror v1.1.0 // indirect
+	github.com/hashicorp/go-safetemp v1.0.0 // indirect
+	github.com/hashicorp/go-version v1.3.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.9.1 // indirect
+	github.com/hashicorp/terraform-json v0.13.0 // indirect
+	github.com/imdario/mergo v0.3.11 // indirect
+	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/jstemmer/go-junit-report v0.9.1 // indirect
+	github.com/klauspost/compress v1.13.0 // indirect
+	github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pquerna/otp v1.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/testify v1.7.0 // indirect
+	github.com/tmccombs/hcl2json v0.3.3 // indirect
+	github.com/ulikunitz/xz v0.5.8 // indirect
+	github.com/urfave/cli v1.22.2 // indirect
+	github.com/zclconf/go-cty v1.9.1 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
+	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
+	golang.org/x/mod v0.4.2 // indirect
+	golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
+	golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect
+	golang.org/x/sys v0.0.0-20210603125802-9665404d3644 // indirect
+	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
+	golang.org/x/text v0.3.6 // indirect
+	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
+	golang.org/x/tools v0.1.2 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/api v0.47.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
+	google.golang.org/grpc v1.38.0 // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	k8s.io/api v0.20.6 // indirect
+	k8s.io/apimachinery v0.20.6 // indirect
+	k8s.io/client-go v0.20.6 // indirect
+	k8s.io/klog/v2 v2.4.0 // indirect
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.0.3 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
+)
diff --git a/aws-observability-terraform/go.sum b/aws-observability-terraform/go.sum
new file mode 100644
index 00000000..356f2f73
--- /dev/null
+++ b/aws-observability-terraform/go.sum
@@ -0,0 +1,758 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0 h1:bAMqZidYkmIsUqe6PtkEPT7Q+vfizScn+jfNA6jwK9c=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
+github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
+github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
+github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
+github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
+github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
+github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
+github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
+github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
+github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
+github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
+github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
+github.com/aws/aws-sdk-go v1.40.56 h1:FM2yjR0UUYFzDTMx+mH9Vyw1k1EUUxsAFzk+BjkzANA=
+github.com/aws/aws-sdk-go v1.40.56/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
+github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
+github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
+github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c h1:ZfSZ3P3BedhKGUhzj7BQlPSU4OvT6tfOKe3DVHzOA7s=
+github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
+github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 h1:yY9rWGoXv1U5pl4gxqlULARMQD7x0QG85lqEXTWysik=
+github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU=
+github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
+github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
+github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
+github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
+github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
+github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
+github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
+github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1 h1:d8MncMlErDFTwQGBK1xhv026j9kqhvw1Qv9IbWT1VLQ=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I=
+github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro=
+github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78=
+github.com/gruntwork-io/terratest v0.40.7 h1:kp6Ymc3hPMdsCoV2Ij2C5QqooCCwELuIopKXhWho/jE=
+github.com/gruntwork-io/terratest v0.40.7/go.mod h1:CjHsEgP1Pe987X5N8K5qEqCuLtu1bqERGIAF8bTj1s0=
+github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-getter v1.5.9 h1:b7ahZW50iQiUek/at3CvZhPK1/jiV6CtKcsJiR6E4R0=
+github.com/hashicorp/go-getter v1.5.9/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI=
+github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
+github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
+github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.3.0 h1:McDWVJIU/y+u1BRV06dPaLfLCaT7fUTJLp5r04x7iNw=
+github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl/v2 v2.9.1 h1:eOy4gREY0/ZQHNItlfuEZqtcQbXIxzojlP301hDpnac=
+github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
+github.com/hashicorp/terraform-json v0.13.0 h1:Li9L+lKD1FO5RVFRM1mMMIBDoUHslOniyEi5CM+FWGY=
+github.com/hashicorp/terraform-json v0.13.0/go.mod h1:y5OdLBCT+rxbwnpxZs9kGL7R9ExU76+cpdY8zHwoazk=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA=
+github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o=
+github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s=
+github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs=
+github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
+github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg=
+github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
+github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ=
+github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w=
+github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ=
+github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
+github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty v1.8.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty v1.9.1 h1:viqrgQwFl5UpSxc046qblj78wZXVDFnSOufaOTER+cc=
+github.com/zclconf/go-cty v1.9.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
+golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644 h1:CA1DEQ4NdKphKeL70tvsWNdT5oFh1lOjihRcEDROi0I=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s=
+golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0 h1:sQLWZQvP6jPGIP4JGPkJu4zHswrv81iobiyszr3b/0I=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/api v0.20.6 h1:bgdZrW++LqgrLikWYNruIKAtltXbSCX2l5mJu11hrVE=
+k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
+k8s.io/apimachinery v0.20.6 h1:R5p3SlhaABYShQSO6LpPsYHjV05Q+79eBUR0Ut/f4tk=
+k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
+k8s.io/client-go v0.20.6 h1:nJZOfolnsVtDtbGJNCxzOtKUAu7zvXjB8+pMo9UNxZo=
+k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
+k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
+k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
+k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
+k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
+k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
+k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
+k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.3 h1:4oyYo8NREp49LBBhKxEqCulFjg26rawYKrnCmg+Sr6c=
+sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
+sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
+sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
+sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/README.md
new file mode 100644
index 00000000..ef28cb88
--- /dev/null
+++ b/aws-observability-terraform/test/README.md
@@ -0,0 +1,72 @@
+# Unit/Integration Tests for Sumo Logic SDO Terraform
+
+#### Unit Tests
+
+The unit tests verify/run following:
+1. `terraform` installation.
+2. `tflint` installation.
+3. Run `tflint`.
+4. Run `terraform init`. Make sure third party plugins are installed otherwise this will fail.
+5. Run `terraform validate`.
+6. Run `terraform fmt`.
+
+#### Running unit tests
+
+```shell
+cd test
+sh unit_tests.sh
+```
+
+#### Integration Tests
+
+[Terratest](https://terratest.gruntwork.io/) is being used for Integration testing of the Sumo Logic SDO Terraform scripts.
+
+Following objects are verified:
+
+1. Sumo Logic:
+
+    * Collector.
+    * Sources for each app i.e. Jira Server, Jira Cloud, Opsgenie, Bitbucket, Github and Pagerduty.
+    * App installation for Jira Cloud, Jira Server, Opsgenie, Bitbucket, Github and Pagerduty.
+    * Webhooks for Jira Cloud, Jira Server, Jira Service Desk, Opsgenie and Pagerduty.
+
+2. Atlassian
+
+    * Opsgenie Integration.
+
+3. Pagerduty
+
+    * Pagerduty Integration.
+
+
+#### Running integration tests
+
+
+1. Configure the execution options in `sumologic.auto.tfvars`, `atlassian.auto.tfvars`, `github.auto.tfvars`, `pagerduty.auto.tfvars` and `webhooks.auto-tfvars`.
+2. Configure your Sumo Logic Username by setting the environment variable:
+
+    * `SUMOLOGIC_USERNAME`, it should be the same user with which the access id is created.
+
+3. Install Terraform and make sure it's on your PATH.
+4. Install Golang and make sure it's on your PATH.
+5. Execute Tests
+
+    ```shell
+    cd test
+    dep ensure
+    go test -v -timeout 30m
+    ```
+6. The tests are divided into multiple stages:
+
+    * deploy
+    * validateSumoLogic
+    * validateAtlassian
+    * validatePagerduty
+    * cleanup
+
+    All the stages are executed by default. If you would like to skip a stage set the environment variables like `SKIP_deploy=true`.
+    This is very helpful for example if you are modifying the code and do not want to create/destroy resources with each test run.
+    To achieve this, for the first run you would set `SKIP_cleanup=true` and all other variables should be unset.
+    For the second run it would be `SKIP_cleanup=true` and `SKIP_deploy=true`.
+
+    Now, you can run tests without creating/destroying resources with each run. Once you are finished, unset `SKIP_cleanup` and run the tests to clean up the resources.
diff --git a/aws-observability-terraform/test/him_test.go b/aws-observability-terraform/test/him_test.go
new file mode 100644
index 00000000..a2298c56
--- /dev/null
+++ b/aws-observability-terraform/test/him_test.go
@@ -0,0 +1,146 @@
+package test
+
+import (
+	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
+	"testing"
+)
+
+// Following Test cases are executed in sequence one after another.
+// It takes around 20 mins to execute following 4 test scenerios.
+
+// Main function
+// Testing scenerio 1 - default scenerio
+func TestAppModule1(t *testing.T) {
+	// t.Parallel()
+
+	// The values to pass into the terraform CLI
+	// rootFolder := "../"
+	// terraformFolderRelativeToRoot := "examples/appmodule"
+	// // Copy the terraform folder to a temp folder
+	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
+	TerraformDir := "../examples/appmodule"
+	props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+	Vars := map[string]interface{}{}
+
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		validateSumoLogicResources(t, TerraformDir)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+
+}
+
+// Testing scenerio 2 - Install in Admin Recom folder,share - true, override -  Monitor folder name, enable log + metric monitor
+func TestAppModule2(t *testing.T) {
+	// t.Parallel()
+
+	Vars := map[string]interface{}{
+		"sumologic_folder_installation_location": "Admin Recommended Folder",
+		"sumologic_folder_share_with_org":        "true",
+		"monitors_folder":                        "AWS Monitors Test2",
+		"alb_monitors":                           "false",
+		"ec2metrics_monitors":                    "false",
+	}
+
+	// The values to pass into the terraform CLI
+	// rootFolder := ".."
+	// terraformFolderRelativeToRoot := "examples/appmodule"
+	// // Copy the terraform folder to a temp folder
+	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
+	TerraformDir := "../examples/appmodule"
+	props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		validateSumoLogicResources(t, TerraformDir)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
+
+// Testing scenerio 3 - Install in Personal folder, share is false, override - App folder, enable log and metric monitor
+func TestAppModule3(t *testing.T) {
+	// t.Parallel()
+
+	Vars := map[string]interface{}{
+		"sumologic_folder_share_with_org": "false",
+		"apps_folder":                     "AWS Observability Test3",
+		"elasticache_monitors":            "false",
+	}
+
+	// The values to pass into the terraform CLI
+	// rootFolder := ".."
+	// terraformFolderRelativeToRoot := "examples/appmodule"
+	// // Copy the terraform folder to a temp folder
+	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
+	TerraformDir := "../examples/appmodule"
+	props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		validateSumoLogicResources(t, TerraformDir)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
+
+// Testing scenerio 4 - Install in Admin Recom folder,share - false, override - App folder name, Monitor folder name, enable metric monitor
+func TestAppModule4(t *testing.T) {
+	// t.Parallel()
+
+	Vars := map[string]interface{}{
+		"sumologic_folder_installation_location": "Admin Recommended Folder",
+		"sumologic_folder_share_with_org":        "false",
+		"apps_folder":                            "AWS Observability Test4",
+		"monitors_folder":                        "AWS Monitors Test4",
+		"ecs_monitors":                           "false",
+	}
+
+	// // The values to pass into the terraform CLI
+	// // rootFolder := ".."
+	// // terraformFolderRelativeToRoot := "examples/appmodule"
+	// // // Copy the terraform folder to a temp folder
+	// // TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
+	TerraformDir := "../examples/appmodule"
+	// props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		validateSumoLogicResources(t, TerraformDir)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
diff --git a/aws-observability-terraform/test/terraform.go b/aws-observability-terraform/test/terraform.go
new file mode 100644
index 00000000..1f9d7723
--- /dev/null
+++ b/aws-observability-terraform/test/terraform.go
@@ -0,0 +1,45 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
+)
+
+// Deploy the resources using Terraform
+func deployTerraform(t *testing.T, workingDir string, Variables map[string]interface{}) {
+
+	// The values to pass into the terraform CLI
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+
+		// The path to where our Terraform code is located
+		TerraformDir: workingDir,
+
+		// Variables to pass to our Terraform code using -var options
+		Vars: Variables,
+
+		// Disable colors in Terraform commands so its easier to parse stdout/stderr
+		NoColor: true,
+	})
+
+	// Save the Terraform Options struct, instance name, and instance text so future test stages can use it
+	test_structure.SaveTerraformOptions(t, workingDir, terraformOptions)
+
+	// This will run `terraform init` and `terraform apply` and fail the test if there are any errors
+	terraform.InitAndApply(t, terraformOptions)
+}
+
+// Destroy the resources using Terraform
+func destroyTerraform(t *testing.T, workingDir string) {
+	// Load the Terraform Options saved by the earlier deploy_terraform stage
+	terraformOptions := test_structure.LoadTerraformOptions(t, workingDir)
+
+	out, err := terraform.DestroyE(t, terraformOptions)
+	if err != nil {
+		// fmt.Println(err)
+		terraform.DestroyE(t, terraformOptions)
+	}
+	fmt.Println(out)
+}
diff --git a/aws-observability-terraform/test/unit_tests.sh b/aws-observability-terraform/test/unit_tests.sh
new file mode 100644
index 00000000..101cd3d9
--- /dev/null
+++ b/aws-observability-terraform/test/unit_tests.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+echo "Check requirements"
+
+function check_command()
+{
+    local cmd="$1"
+    if ! command -v ${cmd} > /dev/null 2>&1; then
+        echo "This requires ${cmd} command, please install it first."
+        if [[ "$1" == "terraform" ]]; then
+            echo "You can install using this command on Mac: brew install terraform, Windows: choco install terraform and by downloading binary on other systems."
+        elif [[ "$1" == "tflint" ]]; then
+            echo "You can install using this command on Mac: brew install tflint, Windows: choco install tflint and by downloading binary on other systems."
+        fi
+        exit 1
+    fi
+}
+
+for cmd in terraform tflint; do
+    echo -e "\t- Check command \"$cmd\" exists."
+    check_command $cmd
+done
+
+cd ..
+
+echo "\t- Tflint"
+tflint
+
+echo "\t- Check terraform init"
+terraform init
+
+echo "\t- Check terraform validate"
+terraform validate
+
+echo "\t- Check terraform fmt"
+terraform fmt -write=false -diff=true -check=true
+
+echo "Done. Please review any errors above."
diff --git a/aws-observability-terraform/test/utils.go b/aws-observability-terraform/test/utils.go
new file mode 100644
index 00000000..a5137c0a
--- /dev/null
+++ b/aws-observability-terraform/test/utils.go
@@ -0,0 +1,47 @@
+package test
+
+import (
+	"bufio"
+	"log"
+	"os"
+	"strings"
+)
+
+// AppConfigProperties Map of properties
+type AppConfigProperties map[string]string
+
+// ReadPropertiesFile Read properties file and create a map. This method is used to read the terraform configuration files which are required while running the tests.
+func ReadPropertiesFile(filename string) (AppConfigProperties, error) {
+	config := AppConfigProperties{}
+
+	if len(filename) == 0 {
+		return config, nil
+	}
+	file, err := os.Open(filename)
+	if err != nil {
+		log.Fatal(err)
+		return nil, err
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if equal := strings.Index(line, "="); equal >= 0 {
+			if key := strings.TrimSpace(line[:equal]); len(key) > 0 {
+				value := ""
+				if len(line) > equal {
+					value = strings.Replace(strings.TrimSpace(line[equal+1:]), "\"", "", -1)
+				}
+				config[key] = value
+			}
+		}
+	}
+
+	if err := scanner.Err(); err != nil {
+		log.Fatal(err)
+		return nil, err
+	}
+
+	return config, nil
+}
diff --git a/aws-observability-terraform/test/validateSumo.go b/aws-observability-terraform/test/validateSumo.go
new file mode 100644
index 00000000..9ec873cc
--- /dev/null
+++ b/aws-observability-terraform/test/validateSumo.go
@@ -0,0 +1,223 @@
+package test
+
+import (
+	"encoding/base64"
+	"fmt"
+	"net/url"
+	"testing"
+	"time"
+
+	http_helper "github.com/gruntwork-io/terratest/modules/http-helper"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
+)
+
+var props = loadPropertiesFile("../examples/default/main.auto.tfvars")
+
+func loadPropertiesFile(file string) map[string]string {
+	props, err := ReadPropertiesFile(file)
+	if err != nil {
+		fmt.Println("Error while reading properties file " + err.Error())
+	}
+	return props
+}
+
+//SumoLogic Environment URL
+var sumologicURL = getSumologicURL()
+
+func getSumologicURL() string {
+	u, _ := url.Parse(getProperty("sumo_api_endpoint"))
+	return u.Scheme + "://" + u.Host
+}
+
+func getProperty(property string) string {
+	return props[property]
+}
+
+var customValidation = func(statusCode int, body string) bool { return statusCode == 200 }
+
+// We are creating admin header because Folder is not visible in case of Admin Recom Folder with share = false, only visible with admin mode
+var headers = map[string]string{"Authorization": "Basic " + base64.StdEncoding.EncodeToString([]byte(getProperty("sumologic_access_id")+":"+getProperty("sumologic_access_key"))), "isAdminMode": "true"}
+
+// Validate that the Sumo Logic Resources have been created
+func validateSumoLogicResources(t *testing.T, workingDir string) {
+
+	// Load the Terraform Options saved by the earlier deploy_terraform stage
+	terraformOptions := test_structure.LoadTerraformOptions(t, workingDir)
+
+	// App Folders
+	// Validate if the AWSO Apps folder is created successfully
+	awsoFolderID := terraform.Output(t, terraformOptions, "apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, awsoFolderID)
+	// Validate if the ALB App folder is created successfully
+	albFolderID := terraform.Output(t, terraformOptions, "alb_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, albFolderID)
+	// Validate if the API Gateway App folder is created successfully
+	apigatewayFolderID := terraform.Output(t, terraformOptions, "apigateway_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, apigatewayFolderID)
+	// Validate if the CLB App folder is created successfully
+	clbFolderID := terraform.Output(t, terraformOptions, "clb_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, clbFolderID)
+	time.Sleep(2 * time.Second)
+	// Validate if the DynamoDB App folder is created successfully
+	dynamodbFolderID := terraform.Output(t, terraformOptions, "dynamodb_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, dynamodbFolderID)
+	// Validate if the EC2 metrics App folder is created successfully
+	ec2metricsFolderID := terraform.Output(t, terraformOptions, "ec2metrics_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, ec2metricsFolderID)
+	// Validate if the ECS App folder is created successfully
+	ecsFolderID := terraform.Output(t, terraformOptions, "ecs_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, ecsFolderID)
+	// Validate if the Elasticache App folder is created successfully
+	elasticacheFolderID := terraform.Output(t, terraformOptions, "elasticache_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, elasticacheFolderID)
+	time.Sleep(2 * time.Second)
+	// Validate if the Lambda App folder is created successfully
+	lambdaFolderID := terraform.Output(t, terraformOptions, "lambda_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, lambdaFolderID)
+	// Validate if the NLB App folder is created successfully
+	nlbFolderID := terraform.Output(t, terraformOptions, "nlb_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, nlbFolderID)
+	// Validate if the RCE App folder is created successfully
+	rceFolderID := terraform.Output(t, terraformOptions, "rce_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, rceFolderID)
+	// Validate if the RDS App folder is created successfully
+	rdsFolderID := terraform.Output(t, terraformOptions, "rds_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, rdsFolderID)
+	time.Sleep(2 * time.Second)
+
+	// Monitor Folder
+	// Validate if the Monitors folder is created successfully
+	validateSumoLogicMonitorsFolder(t, terraformOptions)
+
+	// Hierarchy
+	validateSumoLogicHierarchy(t, terraformOptions)
+
+	// FERs
+	// Validate if the ALB FER is created successfully
+	albFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_alb")
+	validateSumoLogicFER(t, terraformOptions, albFerID)
+	// Validate if the API Gateway FER is created successfully
+	apigatewayFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_apigateway")
+	validateSumoLogicFER(t, terraformOptions, apigatewayFerID)
+	time.Sleep(2 * time.Second)
+	// Validate if the DynamoDB FER is created successfully
+	dynamodbFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_dynamodb")
+	validateSumoLogicFER(t, terraformOptions, dynamodbFerID)
+	// Validate if the ECS FER is created successfully
+	ecsFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_ecs")
+	validateSumoLogicFER(t, terraformOptions, ecsFerID)
+	// Validate if the Elasticache FER is created successfully
+	elasticacheFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_elasticache")
+	validateSumoLogicFER(t, terraformOptions, elasticacheFerID)
+	// Validate if the ELB FER is created successfully
+	elbFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_elb")
+	validateSumoLogicFER(t, terraformOptions, elbFerID)
+	time.Sleep(2 * time.Second)
+	// Validate if the Lambda FER is created successfully
+	lambdaFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_lambda")
+	validateSumoLogicFER(t, terraformOptions, lambdaFerID)
+	// Validate if the Lambda CW FER is created successfully
+	lambdacwFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_lambda_cw")
+	validateSumoLogicFER(t, terraformOptions, lambdacwFerID)
+	// Validate if the RDS FER is created successfully
+	rdsFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_rds")
+	validateSumoLogicFER(t, terraformOptions, rdsFerID)
+
+	// Fields
+	// Validate if the account Field is created successfully
+	accountField := terraform.Output(t, terraformOptions, "sumologic_field_account")
+	validateSumoLogicField(t, terraformOptions, accountField)
+	time.Sleep(2 * time.Second)
+	// Validate if the accountid Field is created successfully
+	accountidField := terraform.Output(t, terraformOptions, "sumologic_field_accountid")
+	validateSumoLogicField(t, terraformOptions, accountidField)
+	// Validate if the region Field is created successfully
+	regionField := terraform.Output(t, terraformOptions, "sumologic_field_region")
+	validateSumoLogicField(t, terraformOptions, regionField)
+	// Validate if the namespace Field is created successfully
+	namespaceField := terraform.Output(t, terraformOptions, "sumologic_field_namespace")
+	validateSumoLogicField(t, terraformOptions, namespaceField)
+	// Validate if the apiname Field is created successfully
+	apigatewayField := terraform.Output(t, terraformOptions, "sumologic_field_apiname")
+	validateSumoLogicField(t, terraformOptions, apigatewayField)
+	time.Sleep(2 * time.Second)
+	// Validate if the cacheclusterid Field is created successfully
+	elasticacheField := terraform.Output(t, terraformOptions, "sumologic_field_cacheclusterid")
+	validateSumoLogicField(t, terraformOptions, elasticacheField)
+	// Validate if the loadbalancer Field is created successfully
+	loadbalancerField := terraform.Output(t, terraformOptions, "sumologic_field_loadbalancer")
+	validateSumoLogicField(t, terraformOptions, loadbalancerField)
+	// Validate if the loadbalancername Field is created successfully
+	loadbalancernameField := terraform.Output(t, terraformOptions, "sumologic_field_loadbalancername")
+	validateSumoLogicField(t, terraformOptions, loadbalancernameField)
+	// Validate if the tablename Field is created successfully
+	tablenameField := terraform.Output(t, terraformOptions, "sumologic_field_tablename")
+	validateSumoLogicField(t, terraformOptions, tablenameField)
+	time.Sleep(2 * time.Second)
+	// Validate if the instanceid Field is created successfully
+	instanceidField := terraform.Output(t, terraformOptions, "sumologic_field_instanceid")
+	validateSumoLogicField(t, terraformOptions, instanceidField)
+	// Validate if the clustername Field is created successfully
+	clusternameField := terraform.Output(t, terraformOptions, "sumologic_field_clustername")
+	validateSumoLogicField(t, terraformOptions, clusternameField)
+	// Validate if the functionname Field is created successfully
+	functionnameField := terraform.Output(t, terraformOptions, "sumologic_field_functionname")
+	validateSumoLogicField(t, terraformOptions, functionnameField)
+	// Validate if the networkloadbalancer Field is created successfully
+	networkloadbalancerField := terraform.Output(t, terraformOptions, "sumologic_field_networkloadbalancer")
+	validateSumoLogicField(t, terraformOptions, networkloadbalancerField)
+	time.Sleep(2 * time.Second)
+	// Validate if the dbidentifier Field is created successfully
+	dbidentifierField := terraform.Output(t, terraformOptions, "sumologic_field_dbidentifier")
+	validateSumoLogicField(t, terraformOptions, dbidentifierField)
+
+	// Metric Rules
+	// NLB
+	nlbMetricRule := terraform.Output(t, terraformOptions, "sumologic_metric_rule_nlb")
+	validateSumoLogicMetricRule(t, terraformOptions, nlbMetricRule)
+	//RDS Cluster
+	rdsMetricRule := terraform.Output(t, terraformOptions, "sumologic_metric_rule_rds_cluster")
+	validateSumoLogicMetricRule(t, terraformOptions, rdsMetricRule)
+	//RDS Instance
+	rdsInsMetricRule := terraform.Output(t, terraformOptions, "sumologic_metric_rule_rds_instance")
+	validateSumoLogicMetricRule(t, terraformOptions, rdsInsMetricRule)
+	time.Sleep(2 * time.Second)
+
+}
+
+func validateSumoLogicAppsFolder(t *testing.T, terraformOptions *terraform.Options, folderID string) {
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v2/content/folders/%s", sumologicURL, folderID), nil, headers, customValidation, nil)
+}
+
+func validateSumoLogicFER(t *testing.T, terraformOptions *terraform.Options, ferId string) {
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/extractionRules/%s", sumologicURL, ferId), nil, headers, customValidation, nil)
+}
+
+func validateSumoLogicField(t *testing.T, terraformOptions *terraform.Options, fieldID string) {
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/fields/%s", sumologicURL, fieldID), nil, headers, customValidation, nil)
+}
+
+func validateSumoLogicMetricRule(t *testing.T, terraformOptions *terraform.Options, metricRuleID string) {
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/metricsRules/%s", sumologicURL, metricRuleID), nil, headers, customValidation, nil)
+}
+
+func validateSumoLogicMonitorsFolder(t *testing.T, terraformOptions *terraform.Options) {
+	// Run `terraform output` to get the value of an output variable
+	folderID := terraform.Output(t, terraformOptions, "monitors_folder_id")
+
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/monitors/%s", sumologicURL, folderID), nil, headers, customValidation, nil)
+}
+
+func validateSumoLogicHierarchy(t *testing.T, terraformOptions *terraform.Options) {
+	// Run `terraform output` to get the value of an output variable
+	hierarchyID := terraform.Output(t, terraformOptions, "hierarchy_id")
+
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/entities/hierarchies/%s", sumologicURL, hierarchyID), nil, headers, customValidation, nil)
+}

From 9442d13f780d39ff16032707c80296b100f61905 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Tue, 17 May 2022 14:08:18 +0530
Subject: [PATCH 12/82] renaming files

---
 aws-observability-terraform/test/{ => appmodule}/README.md        | 0
 .../test/{him_test.go => appmodule/app_test.go}                   | 0
 aws-observability-terraform/test/{ => appmodule}/terraform.go     | 0
 aws-observability-terraform/test/{ => appmodule}/unit_tests.sh    | 0
 aws-observability-terraform/test/{ => appmodule}/utils.go         | 0
 aws-observability-terraform/test/{ => appmodule}/validateSumo.go  | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 rename aws-observability-terraform/test/{ => appmodule}/README.md (100%)
 rename aws-observability-terraform/test/{him_test.go => appmodule/app_test.go} (100%)
 rename aws-observability-terraform/test/{ => appmodule}/terraform.go (100%)
 rename aws-observability-terraform/test/{ => appmodule}/unit_tests.sh (100%)
 rename aws-observability-terraform/test/{ => appmodule}/utils.go (100%)
 rename aws-observability-terraform/test/{ => appmodule}/validateSumo.go (100%)

diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/appmodule/README.md
similarity index 100%
rename from aws-observability-terraform/test/README.md
rename to aws-observability-terraform/test/appmodule/README.md
diff --git a/aws-observability-terraform/test/him_test.go b/aws-observability-terraform/test/appmodule/app_test.go
similarity index 100%
rename from aws-observability-terraform/test/him_test.go
rename to aws-observability-terraform/test/appmodule/app_test.go
diff --git a/aws-observability-terraform/test/terraform.go b/aws-observability-terraform/test/appmodule/terraform.go
similarity index 100%
rename from aws-observability-terraform/test/terraform.go
rename to aws-observability-terraform/test/appmodule/terraform.go
diff --git a/aws-observability-terraform/test/unit_tests.sh b/aws-observability-terraform/test/appmodule/unit_tests.sh
similarity index 100%
rename from aws-observability-terraform/test/unit_tests.sh
rename to aws-observability-terraform/test/appmodule/unit_tests.sh
diff --git a/aws-observability-terraform/test/utils.go b/aws-observability-terraform/test/appmodule/utils.go
similarity index 100%
rename from aws-observability-terraform/test/utils.go
rename to aws-observability-terraform/test/appmodule/utils.go
diff --git a/aws-observability-terraform/test/validateSumo.go b/aws-observability-terraform/test/appmodule/validateSumo.go
similarity index 100%
rename from aws-observability-terraform/test/validateSumo.go
rename to aws-observability-terraform/test/appmodule/validateSumo.go

From 7ae1fc2cf6196e449140f13228e3ceebdc2bbd65 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Tue, 17 May 2022 16:29:26 +0530
Subject: [PATCH 13/82] fixed minor issue identified by app unit test method in
 API Gateway Dashboard.

---
 aws-observability/json/Api-Gateway-App.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability/json/Api-Gateway-App.json b/aws-observability/json/Api-Gateway-App.json
index 3478a2f4..60416840 100644
--- a/aws-observability/json/Api-Gateway-App.json
+++ b/aws-observability/json/Api-Gateway-App.json
@@ -1945,7 +1945,7 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Auto",
+                            "parseMode": "Manual",
                             "timeSource": "Message"
                         },
                         {
@@ -1957,7 +1957,7 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Auto",
+                            "parseMode": "Manual",
                             "timeSource": "Message"
                         }
                     ],

From 4cb73a9ecbd310722de1138781a8955232504382 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Tue, 17 May 2022 21:47:19 +0530
Subject: [PATCH 14/82] Minor updates to Panel names. Removed space before
 panel title from AWS API Gateway Dashboards.

---
 aws-observability/json/Api-Gateway-App.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability/json/Api-Gateway-App.json b/aws-observability/json/Api-Gateway-App.json
index 60416840..98e44895 100644
--- a/aws-observability/json/Api-Gateway-App.json
+++ b/aws-observability/json/Api-Gateway-App.json
@@ -92,7 +92,7 @@
                 {
                     "id": null,
                     "key": "panelpane-07fe4834864daa40",
-                    "title": " API Requests (Today, Yesterday, Last Week)",
+                    "title": "API Requests (Today, Yesterday, Last Week)",
                     "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today, {{apiname}}\"}},{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{apiname}}\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{apiname}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -809,7 +809,7 @@
                 {
                     "id": null,
                     "key": "panelPANE-F43AE7E8952D5A40",
-                    "title": " API Requests (Today, Yesterday, Last Week)",
+                    "title": "API Requests (Today, Yesterday, Last Week)",
                     "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",

From 233b4657b41ac5155a1145a1c2509046f9c5961e Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Tue, 24 May 2022 16:13:51 +0530
Subject: [PATCH 15/82] minor changes for optimization in clb app json

---
 aws-observability/json/Classic-lb-App.json | 182 ++++++++++++++++++---
 1 file changed, 160 insertions(+), 22 deletions(-)

diff --git a/aws-observability/json/Classic-lb-App.json b/aws-observability/json/Classic-lb-App.json
index 9cf53585..c81842b8 100644
--- a/aws-observability/json/Classic-lb-App.json
+++ b/aws-observability/json/Classic-lb-App.json
@@ -8,7 +8,6 @@
             "name": "1. AWS Classic Load Balancer - Overview",
             "description": "See the overview of Classic load balancer including the requests, healthy and unhealthy host count, backend response time, and active connections.",
             "title": "1. AWS Classic Load Balancer - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -107,12 +106,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -131,12 +132,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -155,12 +158,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=BackendConnectionErrors Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -179,12 +184,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -203,12 +210,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SurgeQueueLength Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -227,12 +236,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -251,22 +262,26 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -285,12 +300,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -309,12 +326,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -333,12 +352,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| sum(_count) by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| sum(_count) by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -357,12 +378,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -381,12 +404,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_5XX  Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -405,12 +430,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX  Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -429,12 +456,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -453,12 +482,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as method, protocol, domain, server_port, path nodrop\n| parse field=client \"*:*\" as ClientIP, Cport nodrop\n| parse field=backend \"*:*\" as BackendIP, Backend_port nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancername, account, region, namespace\n| sort by ThreatCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -538,7 +569,6 @@
             "name": "1. AWS Classic Load Balancer - Response Analysis",
             "description": "See the details of the Classic Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.",
             "title": "1. AWS Classic Load Balancer - Response Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -659,12 +689,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -683,12 +715,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -707,12 +741,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -731,12 +767,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -755,12 +793,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -779,12 +819,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -803,32 +845,38 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -847,12 +895,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -871,12 +921,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -895,12 +947,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (elb_status_code matches \"5*\",1,0) as ELB_5XX\n| if (elb_status_code matches \"4*\",1,0) as ELB_4XX\n| if (elb_status_code matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX",
+                            "transient": false,
+                            "queryString": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (elb_status_code matches \"5*\",1,0) as ELB_5XX\n| if (elb_status_code matches \"4*\",1,0) as ELB_4XX\n| if (elb_status_code matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -980,7 +1034,6 @@
             "name": "2. AWS Classic Load Balancer - Backend Response Analysis",
             "description": "See the details of the Backend HTTP codes 2XX, 3XX, 4XX, and 5XX by availability zone, and load balancer name.",
             "title": "2. AWS Classic Load Balancer - Backend Response Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1110,12 +1163,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as backendIP, backend_port nodrop\n| fields - request, client, backend\n| if (backend_status_code matches \"5*\",1,0) as Backend_5XX\n| if (backend_status_code matches \"4*\",1,0) as Backend_4XX\n| if (backend_status_code matches \"3*\",1,0) as Backend_3XX\n| if (backend_status_code matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as backendIP, backend_port nodrop\n| fields - request, client, backend\n| if (backend_status_code matches \"5*\",1,0) as Backend_5XX\n| if (backend_status_code matches \"4*\",1,0) as Backend_4XX\n| if (backend_status_code matches \"3*\",1,0) as Backend_3XX\n| if (backend_status_code matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1134,12 +1189,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -1158,12 +1215,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_2XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -1182,12 +1241,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -1206,12 +1267,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"5*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1230,12 +1293,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"4*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1254,12 +1319,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"3*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1278,12 +1345,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"2*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1302,12 +1371,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -1387,7 +1458,6 @@
             "name": "3. AWS Classic Load Balancer - Latency Overview",
             "description": "See the details of latency in your classic load balancer by availability zone, and load balancer name.",
             "title": "3. AWS Classic Load Balancer - Latency Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1457,12 +1527,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=Latency Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -1481,12 +1553,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by loadbalancername\n| order by MaximumClientLatency",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1505,12 +1579,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(backend_processing_time) as AverageBackendProcessingTime, max(backend_processing_time) as MaximumBackendProcessingTime by loadbalancername\n| order by MaximumBackendProcessingTime",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1529,12 +1605,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by loadbalancername ,_timeslice\n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1553,12 +1631,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1656,7 +1736,6 @@
             "name": "4. AWS Classic Load Balancer - Latency Details",
             "description": "See the details of latency in your classic load balancer including the average and maximum request and response processing time, by backend and ELB.",
             "title": "4. AWS Classic Load Balancer - Latency Details",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1747,12 +1826,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1771,12 +1852,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1795,12 +1878,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1819,12 +1904,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1843,12 +1930,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(request_processing_time) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| max(request_processing_time) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1867,12 +1956,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(response_processing_time) as MaximumResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1891,12 +1982,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by URI\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1915,12 +2008,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -1939,12 +2034,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2024,7 +2121,6 @@
             "name": "5. AWS Classic Load Balancer - Connections and Host Status",
             "description": "See the details of connections and host status including the average unhealthy host count, and healthy host count by availability zone, and load balancer name.",
             "title": "5. AWS Classic Load Balancer - Connections and Host Status",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2118,12 +2214,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2142,12 +2240,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=BackendConnectionErrors Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2166,12 +2266,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBActiveConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2190,12 +2292,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBNewConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2214,12 +2318,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2274,12 +2380,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2298,12 +2406,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2322,12 +2432,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2416,7 +2528,6 @@
             "name": "6. AWS Classic Load Balancer - Requests and Processed Bytes",
             "description": "See the details of requests and Processed bytes for your classic load balancer.",
             "title": "6. AWS Classic Load Balancer - Requests and Processed Bytes",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2498,12 +2609,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2522,12 +2635,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(backend)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2546,12 +2661,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2570,12 +2687,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2594,12 +2713,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount statistic=sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2618,12 +2739,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedProcessedBytes Statistic=Sum | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message"
                         }
@@ -2660,12 +2783,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(received_bytes) as ReceivedBytes by _timeslice\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2684,12 +2809,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(sent_bytes) as SentBytes by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2769,7 +2896,6 @@
             "name": "7. AWS Classic Load Balancer - Threat Intel",
             "description": "See the details of IP threats including the count, location, and highly malicious IP threats.",
             "title": "7. AWS Classic Load Balancer - Threat Intel",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2835,12 +2961,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2859,12 +2987,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2883,12 +3013,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2907,12 +3039,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2931,12 +3065,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude from geo://location on ip = ClientIp\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }
@@ -2955,12 +3091,14 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" // and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message"
                         }

From 173b819bde1baf4ba3ef44fc9c806942139a7616 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Wed, 25 May 2022 11:52:13 +0530
Subject: [PATCH 16/82] Threat location panel optimized

---
 aws-observability/json/Classic-lb-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/Classic-lb-App.json b/aws-observability/json/Classic-lb-App.json
index c81842b8..6ef4e066 100644
--- a/aws-observability/json/Classic-lb-App.json
+++ b/aws-observability/json/Classic-lb-App.json
@@ -3066,7 +3066,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude from geo://location on ip = ClientIp\n| count by latitude, longitude\n| where !isnull(latitude)",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| lookup latitude, longitude from geo://location on ip = ClientIp\n| sum(_count) as _count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,

From e0468aa0af58ae2d86a5af9758acd60e8d0d0630 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Mon, 30 May 2022 18:35:33 +0530
Subject: [PATCH 17/82] Optimization of RDS app dashboards query for cloudtrail
 related logs along with other minor changes

---
 aws-observability/json/Api-Gateway-App.json | 182 +++--
 aws-observability/json/DynamoDb-App.json    | 154 ++--
 aws-observability/json/Rds-App.json         | 830 +++++++++++++++-----
 3 files changed, 843 insertions(+), 323 deletions(-)

diff --git a/aws-observability/json/Api-Gateway-App.json b/aws-observability/json/Api-Gateway-App.json
index 98e44895..755941fb 100644
--- a/aws-observability/json/Api-Gateway-App.json
+++ b/aws-observability/json/Api-Gateway-App.json
@@ -1,7 +1,7 @@
 {
     "type": "FolderSyncDefinition",
     "name": "AWS API Gateway",
-    "description": "The Sumo Logic App for AWS API Gateway provides visibility into your Amazon APIGateway Service Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your API Gateway Infrastructure.",
+    "description": "The Sumo Logic App for AWS API Gateway provides visibility into your Amazon APIGateway Service. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your API Gateway Infrastructure.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
@@ -93,7 +93,7 @@
                     "id": null,
                     "key": "panelpane-07fe4834864daa40",
                     "title": "API Requests (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today, {{apiname}}\"}},{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{apiname}}\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{apiname}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"lineThickness\":\"3\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today, {{apiname}}\"}},{\"series\":[],\"queries\":[],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{apiname}}\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{apiname}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -107,7 +107,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
@@ -119,7 +120,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
@@ -131,7 +133,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -175,7 +178,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -201,7 +205,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -227,7 +232,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -253,7 +259,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -502,7 +509,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -528,7 +536,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -554,7 +563,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -580,7 +590,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -606,7 +617,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -632,7 +644,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -694,7 +707,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -720,7 +734,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -746,7 +761,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -772,7 +788,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -798,7 +815,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -810,7 +828,7 @@
                     "id": null,
                     "key": "panelPANE-F43AE7E8952D5A40",
                     "title": "API Requests (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Last Week\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -824,7 +842,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
@@ -836,7 +855,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
@@ -848,7 +868,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1000,7 +1021,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1026,7 +1048,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1052,7 +1075,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -1064,7 +1088,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -1076,7 +1101,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1272,7 +1298,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" eventName account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count as eventCount by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" eventName account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1280,7 +1306,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1298,7 +1325,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" userAgent account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user_agent\n| sort by eventCount, user_agent asc",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" userAgent account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by user_agent\n| sort by event_count, user_agent asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1306,7 +1333,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1324,7 +1352,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")  and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")  and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1332,7 +1360,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1350,7 +1379,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1358,7 +1387,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1376,7 +1406,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventStatus\n| sort by eventCount, eventStatus asc",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_status\n| sort by event_count, event_status asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1384,7 +1414,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1402,7 +1433,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count by _timeslice, eventStatus\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| timeslice 15m\n| count by _timeslice, event_status\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in event_status\n| transpose row _timeslice column event_status",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1410,7 +1441,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1428,7 +1460,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by errorCode \n| top 10 errorCode by eventCount, errorCode asc",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by error_code \n| top 10 error_code by event_count, error_code asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1436,7 +1468,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1454,7 +1487,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1462,7 +1495,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1480,7 +1514,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop \n| json field=responseElements \"name\", \"Message\" as ApiName, responseMessage nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorMessage), responseMessage, errorMessage) as errorMessage\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, errorCode, errorMessage, Region, src_ip, accountId, user, type, requestID, user_agent, apiname\n| sort by _timeslice\n| limit 100",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop \n| json field=responseElements \"name\", \"Message\" as ApiName, responseMessage nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(error_message), responseMessage, error_message) as error_message\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountId, user, type, requestID, user_agent, apiname\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1488,7 +1522,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1506,7 +1541,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1514,7 +1549,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1532,7 +1568,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| where eventStatus = \"Success\"\n| timeslice 1s\n| count as eventCount by _timeslice, event_name, Region, src_ip, accountId, user, type, requestID, user_agent, ApiName\n| sort by _timeslice\n| limit 100",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountId, user, type, requestID, user_agent, ApiName\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1540,7 +1576,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1558,7 +1595,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by type, user\n| topk(10, eventCount) by type | fields -_rank",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by type, user\n| topk(10, event_count) by type | fields -_rank",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1566,7 +1603,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1584,7 +1622,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, errorCode, errorMessage, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip, event_name // , user, user_agent, apiname\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, apiname",
+                            "queryString": "\"\\\"eventSource\\\":\\\"apigateway.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\", \"errorCode\", \"errorMessage\", \"requestID\" as event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, src_ip, error_code, error_message, requestID nodrop\n| where event_source = \"apigateway.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId2, arn, username, type nodrop | parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"basePath\", \"domainName\" as basePath, domainName nodrop | json field=responseElements \"name\" as ApiName nodrop // CreateRestApi, CreateApiKey, CreateUsagePlan, CreateUsagePlanKey, CreateUsagePlanKey, ImportApi, ImportRestApi, UpdateRestApi, UpdateUsagePlan provides ApiName\n| where (tolowercase(ApiName) matches tolowercase(\"{{apiname}}\")) or isBlank(apiname)\n| if (!isEmpty(accountId1), accountId1, accountId2) as accountId\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip, event_name // , user, user_agent, apiname\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, apiname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1592,7 +1630,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1764,7 +1803,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1790,7 +1830,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1816,7 +1857,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1842,7 +1884,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1868,7 +1911,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1894,7 +1938,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1920,7 +1965,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1946,7 +1992,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -1958,7 +2005,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1984,7 +2032,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2010,7 +2059,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
diff --git a/aws-observability/json/DynamoDb-App.json b/aws-observability/json/DynamoDb-App.json
index d2377235..d3ab795c 100644
--- a/aws-observability/json/DynamoDb-App.json
+++ b/aws-observability/json/DynamoDb-App.json
@@ -1,7 +1,7 @@
 {
     "type": "FolderSyncDefinition",
     "name": "AWS DynamoDB",
-    "description": "The Sumo Logic App for Amazon DynamoDB is a unified logs and metrics (ULM) App which provides operational insights into your DynamoDB solution. The App includes Dashboards that allow you to monitor key metrics and view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB solution.",
+    "description": "The Sumo App for Amazon DynamoDB is using both logs and metrics to provide operational insights into your DynamoDB. The App includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB instances.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
@@ -106,7 +106,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -118,7 +119,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -144,7 +146,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -156,7 +159,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -182,7 +186,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -208,7 +213,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -234,7 +240,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -260,7 +267,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -286,7 +294,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -312,7 +321,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -338,7 +348,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -350,7 +361,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -376,7 +388,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -388,7 +401,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -606,7 +620,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -632,7 +647,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -658,7 +674,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -684,7 +701,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -710,7 +728,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -736,7 +755,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -762,7 +782,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -788,7 +809,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
                             "transient": false,
@@ -800,7 +822,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -826,7 +849,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -852,7 +876,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -878,7 +903,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -904,7 +930,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -930,7 +957,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -983,7 +1011,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1009,7 +1038,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1153,7 +1183,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1179,7 +1210,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1205,7 +1237,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1231,7 +1264,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1387,7 +1421,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1413,7 +1448,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1439,7 +1475,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1457,7 +1494,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| count as count by UserName\n| sort count \n| limit 10",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| count as count by UserName\n| sort by count \n| limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1465,7 +1502,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1491,7 +1529,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1517,7 +1556,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1535,7 +1575,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| count by SourceIp\n| lookup latitude, longitude from geo://location on ip = SourceIp\n| count by latitude, longitude\n| where !isnull(latitude)",
+                            "queryString": "account={{account}} namespace={{namespace}} region={{region}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where !(SourceIp matches \"*.amazonaws.com\")\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count by SourceIp\n| lookup latitude, longitude from geo://location on ip = SourceIp\n| where !isnull(latitude)\n| sum(_count) as count by latitude, longitude",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1543,7 +1583,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1683,7 +1724,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\" and !(SourceIp matches \"*.amazonaws.com\")\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1691,7 +1732,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1709,7 +1751,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp, tablename\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, tablename, Actor, LabelName\n| sort by ThreatCount",
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\" and !(SourceIp matches \"*.amazonaws.com\")\n| count as ip_count by SourceIp, tablename\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, tablename, Actor, LabelName\n| sort by ThreatCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1717,7 +1759,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1735,7 +1778,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount, MaliciousConfidence asc",
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\" and !(SourceIp matches \"*.amazonaws.com\")\n| count as ip_count by SourceIp\n| lookup Type, Actor, Raw, ThreatLevel as MaliciousConfidence from sumo://threat/cs on threat=SourceIp \n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| json field=Raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(Actor), \"Unassigned\", Actor) as Actor\n| sum (ip_count) as ThreatCount by SourceIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount, MaliciousConfidence asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1743,7 +1786,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1761,7 +1805,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum(ip_count) as ThreatCount by malicious_confidence\n| sort by ThreatCount, malicious_confidence asc",
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\" and !(SourceIp matches \"*.amazonaws.com\")\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp\n| where type=\"ip_address\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum(ip_count) as ThreatCount by malicious_confidence\n| sort by ThreatCount, malicious_confidence asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1769,7 +1813,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1787,7 +1832,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\"\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| lookup latitude, longitude from geo://location on ip = SourceIp\n| count by latitude, longitude\n| where !isnull(latitude)",
+                            "queryString": "region={{region}} account={{account}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"dynamodb.amazonaws.com\\\"\"\n| json \"eventName\", \"awsRegion\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as EventName, Region, tablename, SourceIp, UserName, ContextUserName nodrop\n| where (tolowercase(tablename) matches tolowercase(\"{{tablename}}\")) or isBlank(tablename)\n| where SourceIp != \"0.0.0.0\" and SourceIp != \"127.0.0.1\" and !(SourceIp matches \"*.amazonaws.com\")\n| if (isEmpty(UserName), ContextUserName, UserName) as UserName\n| count as ip_count by SourceIp\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=SourceIp\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| lookup latitude, longitude from geo://location on ip = SourceIp\n| where !isnull(latitude)\n| sum(ip_count) as count by latitude, longitude",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1795,7 +1840,8 @@
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
diff --git a/aws-observability/json/Rds-App.json b/aws-observability/json/Rds-App.json
index cfcf9879..4ba94196 100644
--- a/aws-observability/json/Rds-App.json
+++ b/aws-observability/json/Rds-App.json
@@ -1,14 +1,13 @@
 {
     "type": "FolderSyncDefinition",
     "name": "Amazon RDS",
-    "description": "The Sumo Logic App for Amazon RDS provides visibility into your Amazon Relational Database Service (RDS) Metrics collected via a CloudWatch Metrics Source. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your RDS system's overview, CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more.",
+    "description": "The Sumo Logic App for Amazon RDS provides visibility into your Amazon Relational Database Service usage. The App’s Dashboards provide preconfigured searches and filters that allow you to monitor your RDS system's overview, CPU, memory, storage, network transmit and receive throughput, read and write operations, database connection count, disk queue depth, and more.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
             "name": "1. Amazon RDS - Overview",
             "description": "The Amazon RDS Overview dashboard provides insights into RDS resource statistics and utilization throughout your infrastructure, including CPU, memory, latency, storage, and network throughput.",
             "title": "1. Amazon RDS - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -182,14 +181,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}}  dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -215,14 +217,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -239,14 +244,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -263,14 +271,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DiskQueueDepth statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -287,14 +298,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -311,14 +325,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -335,14 +352,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -359,14 +379,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -383,14 +406,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -407,14 +433,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -431,14 +460,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -455,14 +487,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -479,14 +514,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -512,14 +550,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / (1024 * 1024 * 1024) | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -536,14 +577,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -560,14 +604,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -584,14 +631,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -608,14 +658,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -632,14 +685,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeStorageSpace statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -656,14 +712,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -680,14 +739,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -704,14 +766,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} enginename=* | sum by EngineName, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -728,14 +793,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections region={{region}} account={{account}} databaseclass=* statistic=average | avg by databaseclass, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -752,14 +820,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by account, region, dbidentifier",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -776,14 +847,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=Average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -800,14 +874,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DiskQueueDepth statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -824,14 +901,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -857,14 +937,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoad statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -881,14 +964,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoadCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -905,14 +991,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoadNonCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -934,7 +1023,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -948,7 +1038,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -962,7 +1053,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -976,7 +1068,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -986,7 +1079,6 @@
             "name": "1. Amazon RDS - Overview By Database Instance",
             "description": "The Amazon RDS Overview By Database Instance dashboard provides insights into resource statistics and utilization per database instance throughout your infrastructure. Panels display data for CPU, memory, latency, storage, and network throughput per database instance.",
             "title": "1. Amazon RDS - Overview By Database Instance",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1164,14 +1256,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1197,14 +1292,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1221,14 +1319,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1245,14 +1346,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DiskQueueDepth statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1269,14 +1373,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1293,14 +1400,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BinLogDiskUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1317,14 +1427,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeStorageSpace statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1341,14 +1454,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1365,14 +1481,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1389,14 +1508,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1413,14 +1535,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1437,14 +1562,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1461,14 +1589,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1485,14 +1616,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1509,14 +1643,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1533,14 +1670,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=SwapUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1048576 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1557,14 +1697,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUCreditUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "(T2 instances) The number of CPU credits spent by the instance for CPU utilization.",
@@ -1581,14 +1724,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CPUCreditBalance statistic=average account={{account}} region={{region}}  dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "\t(T2 instances) The number of earned CPU credits that an instance has accrued since it was launched or started. For T2 Standard, the CPUCreditBalance also includes the number of launch credits that have been accrued.",
@@ -1614,14 +1760,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkReceiveThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1638,14 +1787,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkTransmitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1662,14 +1814,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DatabaseConnections statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1686,14 +1841,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1710,14 +1868,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeStorageSpace statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1073741824 | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1734,14 +1895,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReadIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1758,14 +1922,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=WriteIOPS statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1782,14 +1949,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BurstBalance statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "\t\nThe percent of General Purpose SSD (gp2) burst-bucket I/O credits available",
@@ -1806,14 +1976,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=MaximumUsedTransactionIDs statistic=maximum account={{account}} region={{region}} dbidentifier={{dbidentifier}} | max",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1830,14 +2003,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=TransactionLogsDiskUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} |  eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1854,14 +2030,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=TransactionLogsGeneration statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / 1024 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1878,14 +2057,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=OldestReplicationSlotLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1902,14 +2084,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReplicationSlotDiskUsage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1926,14 +2111,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1955,7 +2143,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1969,7 +2158,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1983,7 +2173,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1997,7 +2188,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -2007,7 +2199,6 @@
             "name": "2. Amazon RDS - CloudTrail Audit Events",
             "description": "The Amazon RDS CloudTrail Audit Events dashboard provides insights into audit events of your database clusters.",
             "title": "2. Amazon RDS - CloudTrail Audit Events",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2102,14 +2293,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2126,14 +2320,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2150,14 +2347,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by eventStatus\n| sort by _count, eventStatus asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count by event_status\n| sort by _count, event_status asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2168,20 +2368,23 @@
                 {
                     "id": null,
                     "key": "panelPANE-30579457B90CCB42",
-                    "title": "Top Error Codes",
+                    "title": "Top 10 Error Codes",
                     "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count as Frequency by errorCode \n| top 10 errorCode by Frequency, errorCode asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count as Frequency by error_code \n| top 10 error_code by Frequency, error_code asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2198,14 +2401,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 15m\n| count by _timeslice, eventStatus\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 15m\n| count by _timeslice, event_status\n| fillmissing timeslice(15m), values (\"Success\", \"Failure\") in event_status\n| transpose row _timeslice column event_status",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2222,14 +2428,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2246,14 +2455,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(errorCode)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 1s\n| count as Frequency by _timeslice, event_name, errorCode, errorMessage, src_ip, user, type, requestID, user_agent, Region, accountId, dBClusterIdentifier, dBInstanceIdentifier\n| sort by _timeslice\n| limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 1s\n| count as Frequency by _timeslice, event_name, error_code, error_message, src_ip, user, type, requestID, user_agent, region, accountId, dBClusterIdentifier, dBInstanceIdentifier\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2270,14 +2482,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| where eventStatus=\"Success\"\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2294,14 +2509,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| where eventStatus = \"Success\"\n| timeslice 1s\n| count as Frequency by _timeslice, event_name, src_ip, user, type, requestId, user_agent, Region, accountId, dBClusterIdentifier, dBInstanceIdentifier\n| sort by _timeslice\n| limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" !errorCode account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| timeslice 1s\n| count as Frequency by _timeslice, event_name, src_ip, user, type, requestId, user_agent, region, accountId, dBClusterIdentifier, dBInstanceIdentifier\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2318,14 +2536,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by type, user\n| topk(10, Frequency) by type | fields -_rank",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by type, user\n| topk(10, Frequency) by type | fields -_rank",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2342,14 +2563,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" engine account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json \"requestParameters.engine\", \"responseElements.engine\" as engine1, engine2 nodrop\n| if (!isEmpty(engine1), engine1, engine2) as engine\n| where !isEmpty(engine)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by engine\n| sort by Frequency, engine asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" engine account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json \"requestParameters.engine\", \"responseElements.engine\" as engine1, engine2 nodrop\n| if (!isEmpty(engine1), engine1, engine2) as engine\n| where !isEmpty(engine)\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by engine\n| sort by Frequency, engine asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2366,14 +2590,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| timeslice 15m\n| count as Frequency by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| timeslice 15m\n| count as Frequency by _timeslice, event_name\n| transpose row _timeslice column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2390,14 +2617,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by user, event_name",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop \n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count by user, event_name | sort by _count, user asc, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2414,14 +2644,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
+                            "transient": false,
+                            "queryString": "\"\\\"eventsource\\\":\\\"rds.amazonaws.com\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| json field=requestParameters \"dBInstanceIdentifier\", \"resourceName\", \"dBClusterIdentifier\" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop\n| json field=responseElements \"dBInstanceIdentifier\" as dBInstanceIdentifier3 nodrop | json field=responseElements \"dBClusterIdentifier\" as dBClusterIdentifier3 nodrop\n| parse field=resourceName \"arn:aws:rds:*:db:*\" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName \"arn:aws:rds:*:cluster:*\" as f1, dBClusterIdentifier2 nodrop\n| if (resourceName matches \"arn:aws:rds:*:db:*\", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier\n| if (resourceName matches \"arn:aws:rds:*:cluster:*\", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2443,7 +2676,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2457,7 +2691,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2471,7 +2706,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -2481,7 +2717,6 @@
             "name": "2. Amazon RDS - Performance Insights",
             "description": "The Amazon RDS Performance Insights dashboard provides intuitive performance data from throughout your RDS infrastructure across CPU load, non CPU load, active sessions, and performance trends.",
             "title": "2. Amazon RDS - Performance Insights",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2551,14 +2786,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoad statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2575,14 +2813,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoadCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2599,14 +2840,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoadNonCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2632,14 +2876,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoad statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2656,14 +2903,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoadCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2680,14 +2930,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DBLoadNonCPU statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2709,7 +2962,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2723,7 +2977,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2737,7 +2992,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2751,7 +3007,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -2761,7 +3018,6 @@
             "name": "3. Amazon RDS - Aurora Generic",
             "description": "The Amazon RDS Aurora Generic dashboard provides generic AWS Aurora performance statistics across your infrastructure for uptime, replica lag, latency, network throughput, volume, and storage.",
             "title": "3. Amazon RDS - Aurora Generic",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2875,14 +3131,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2899,14 +3158,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraReplicaLagMaximum statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2923,14 +3185,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraReplicaLagMinimum statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2947,14 +3212,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=FreeLocalStorage statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / (1024 * 1024 * 1024) | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2971,14 +3239,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=NetworkThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2995,14 +3266,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BufferCacheHitRatio statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3019,14 +3293,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Deadlocks statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3043,14 +3320,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CommitLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3067,14 +3347,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=CommitThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3091,14 +3374,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=VolumeBytesUsed statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | eval _value / (1024*1024) | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3115,14 +3401,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=VolumeReadIOPs statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3139,14 +3428,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=VolumeWriteIOPs statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3163,14 +3455,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BackupRetentionPeriodStorageUsed statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3187,14 +3482,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=SnapshotStorageUsed statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3211,14 +3509,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=TotalBackupStorageBilled statistic=average account={{account}} region={{region}} EngineName=* | avg by account, region, namespace, EngineName",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3235,14 +3536,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=RDSToAuroraPostgreSQLReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3259,14 +3563,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BufferCacheHitRatio statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3283,14 +3590,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=EngineUptime statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg | eval (_value / (3600 * 24))",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3312,7 +3622,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3326,7 +3637,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3340,7 +3652,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3354,7 +3667,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -3364,7 +3678,6 @@
             "name": "3. Amazon RDS - Non-Describe CloudTrail Audit Events",
             "description": "The Amazon RDS Non-Describe CloudTrail Audit Events dashboard provides statistical and detailed insights into Non-Describe DB Instance, SnapShot, Cluster, Security group events.",
             "title": "3. Amazon RDS - Non-Describe CloudTrail Audit Events",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -3464,14 +3777,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBInstance* !Describe*DBInstance* !StartDBInstance !StopDBInstance !RebootDBInstance account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBInstance*\" and !(event_name matches \"Describe*DBInstance*\") and !(event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\"))\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop  \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBInstance* !Describe*DBInstance* !StartDBInstance !StopDBInstance !RebootDBInstance account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBInstance*\" and !(event_name matches \"Describe*DBInstance*\") and !(event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\"))\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop  \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3488,14 +3804,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBInstance* !Describe*DBInstance* !StartDBInstance !StopDBInstance !RebootDBInstance account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBInstance*\" and !(event_name matches \"Describe*DBInstance*\") and !(event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\"))\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBInstanceIdentifier, user, Region, src_ip, eventStatus, dBInstanceClass, engine, dbName, dBSnapshotIdentifier, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBInstance* !Describe*DBInstance* !StartDBInstance !StopDBInstance !RebootDBInstance account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBInstance*\" and !(event_name matches \"Describe*DBInstance*\") and !(event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\"))\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBInstanceIdentifier, user, region, src_ip, event_status, dBInstanceClass, engine, dbName, dBSnapshotIdentifier, error_code, error_message\n| sort by eventTime | limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3512,14 +3831,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" (StartDBInstance or StopDBInstance or RebootDBInstance) account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBInstanceIdentifier, user, Region, src_ip, eventStatus, dBInstanceClass, engine, dbName, dBSnapshotIdentifier, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" (StartDBInstance or StopDBInstance or RebootDBInstance) account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name in (\"StartDBInstance\", \"StopDBInstance\", \"RebootDBInstance\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBInstanceIdentifier, user, region, src_ip, event_status, dBInstanceClass, engine, dbName, dBSnapshotIdentifier, error_code, error_message\n| sort by eventTime | limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3536,14 +3858,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DB*Snapshot* !Describe*DB*Snapshot* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip  nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DB*Snapshot*\" and !(event_name matches \"Describe*DB*Snapshot*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier1 nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2, dBSnapshotIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier | concat (dBSnapshotIdentifier1, dBSnapshotIdentifier2) as dBSnapshotIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (!isEmpty(dBSnapshotIdentifier1), dBSnapshotIdentifier1, dBSnapshotIdentifier) as dBSnapshotIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DB*Snapshot* !Describe*DB*Snapshot* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip  nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DB*Snapshot*\" and !(event_name matches \"Describe*DB*Snapshot*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier1 nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2, dBSnapshotIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier | concat (dBSnapshotIdentifier1, dBSnapshotIdentifier2) as dBSnapshotIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (!isEmpty(dBSnapshotIdentifier1), dBSnapshotIdentifier1, dBSnapshotIdentifier) as dBSnapshotIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3560,14 +3885,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DB*Snapshot* !Describe*DB*Snapshot* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DB*Snapshot*\" and !(event_name matches \"Describe*DB*Snapshot*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier1 nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2, dBSnapshotIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier | concat (dBSnapshotIdentifier1, dBSnapshotIdentifier2) as dBSnapshotIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (!isEmpty(dBSnapshotIdentifier1), dBSnapshotIdentifier1, dBSnapshotIdentifier) as dBSnapshotIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBSnapshotIdentifier, user, Region, src_ip, eventStatus, dBInstanceIdentifier, engine, dBInstanceClass, dbName, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DB*Snapshot* !Describe*DB*Snapshot* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DB*Snapshot*\" and !(event_name matches \"Describe*DB*Snapshot*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier1 nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2, dBSnapshotIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier | concat (dBSnapshotIdentifier1, dBSnapshotIdentifier2) as dBSnapshotIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (!isEmpty(dBSnapshotIdentifier1), dBSnapshotIdentifier1, dBSnapshotIdentifier) as dBSnapshotIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBSnapshotIdentifier, user, Region, src_ip, event_status, dBInstanceIdentifier, engine, dBInstanceClass, dbName, error_code, error_message\n| sort by eventTime | limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3602,14 +3930,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBCluster !Describe*DBCluster* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBCluster\" and !(event_name matches \"Describe*DBCluster*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBCluster !Describe*DBCluster* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBCluster\" and !(event_name matches \"Describe*DBCluster*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3626,14 +3957,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBCluster !Describe*DBCluster* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBCluster\" and !(event_name matches \"Describe*DBCluster*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBClusterIdentifier, user, Region, src_ip, eventStatus, engine, errorCode, errorMessage\n| sort by eventTime | limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBCluster !Describe*DBCluster* account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBCluster\" and !(event_name matches \"Describe*DBCluster*\")\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBClusterIdentifier, user, region, src_ip, event_status, engine, error_code, error_message\n| sort by eventTime | limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3650,14 +3984,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBSecurityGroup* !DescribeDBSecurityGroups account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBSecurityGroup*\" and event_name<>\"DescribeDBSecurityGroups\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\", \"dBSecurityGroupName\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier, dBSecurityGroupName  nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by event_name\n| sort by eventCount, event_name asc",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBSecurityGroup* !DescribeDBSecurityGroups account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBSecurityGroup*\" and event_name<>\"DescribeDBSecurityGroups\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\", \"dBSecurityGroupName\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier, dBSecurityGroupName  nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop \n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3674,14 +4011,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBSecurityGroup* !DescribeDBSecurityGroups account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBSecurityGroup*\" and event_name<>\"DescribeDBSecurityGroups\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\", \"dBSecurityGroupName\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier, dBSecurityGroupName  nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBSecurityGroupName, type, user, Region, src_ip, eventStatus, errorCode, errorMessage, engine, dBInstanceIdentifier, dBClusterIdentifier, dBInstanceClass, dbName\n| sort by eventTime | limit 100",
+                            "transient": false,
+                            "queryString": "\"\\\"eventSource\\\":\\\"rds.amazonaws.com\\\"\" *DBSecurityGroup* !DescribeDBSecurityGroups account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, error_code, error_message, requestID, src_ip nodrop\n| where event_source = \"rds.amazonaws.com\" and event_name matches \"*DBSecurityGroup*\" and event_name<>\"DescribeDBSecurityGroups\"\n| json field=userIdentity \"accountId\", \"arn\", \"userName\", \"type\" as accountId, arn, username, type nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\", \"dBSnapshotIdentifier\", \"dBSecurityGroupName\" as engine1, dBInstanceClass1, dBClusterIdentifier1, dBInstanceIdentifier1, dBSnapshotIdentifier, dBSecurityGroupName  nodrop  \n| json field=responseElements \"dBName\", \"engine\", \"dBInstanceClass\", \"dBClusterIdentifier\", \"dBInstanceIdentifier\" as dbName, engine2, dBInstanceClass2, dBClusterIdentifier2, dBInstanceIdentifier2 nodrop\n| concat (dBInstanceIdentifier1, dBInstanceIdentifier2) as dBInstanceIdentifier | concat (engine1, engine2) as engine | concat (dBInstanceClass1, dBInstanceClass2) as dBInstanceClass | concat (dBClusterIdentifier1, dBClusterIdentifier2) as dBClusterIdentifier\n| if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier) as dBInstanceIdentifier\n| if (!isEmpty(engine1), engine1, engine) as engine\n| if (!isEmpty(dBInstanceClass1), dBInstanceClass1, dBInstanceClass) as dBInstanceClass\n| if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier) as dBClusterIdentifier\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| count as Frequency by eventTime, event_name, dBSecurityGroupName, type, user, region, src_ip, event_status, error_code, error_message, engine, dBInstanceIdentifier, dBClusterIdentifier, dBInstanceClass, dbName\n| sort by eventTime | limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3712,7 +4052,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3726,7 +4067,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3740,7 +4082,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -3750,7 +4093,6 @@
             "name": "4. Amazon RDS - Aurora MySQL",
             "description": "The Amazon RDS Aurora MySQL dashboard provides intuitive Aurora MySQL performance data from across your infrastructure for latency, throughput, active and blocked transactions, queries, login failures, and replica lag.",
             "title": "4. Amazon RDS - Aurora MySQL",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -3864,14 +4206,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=SelectLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3888,14 +4233,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=SelectThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3912,14 +4260,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=UpdateLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3936,14 +4287,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=UpdateThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3960,14 +4314,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=InsertLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3984,14 +4341,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=InsertThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4008,14 +4368,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DeleteLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4032,14 +4395,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DeleteThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4056,14 +4422,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DDLLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4080,14 +4449,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DDLThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4104,14 +4476,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DMLLatency statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4128,14 +4503,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DMLThroughput statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4152,14 +4530,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ActiveTransactions statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4176,14 +4557,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BlockedTransactions statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4200,14 +4584,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=LoginFailures statistic=SampleCount account={{account}} region={{region}} dbidentifier={{dbidentifier}} | sum by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4224,14 +4611,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Queries statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4248,14 +4638,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ResultSetCacheHitRatio statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4272,14 +4665,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraBinlogReplicaLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4301,7 +4697,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4315,7 +4712,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4329,7 +4727,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4343,7 +4742,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -4353,7 +4753,6 @@
             "name": "5. Amazon RDS - Aurora MySQL Global Database and Backtrack Activity",
             "description": "The Amazon RDS Aurora MySQL Global Database and BackTrack Activity dashboard provides insights into Aurora MySQL performance data from across your infrastructure for Global Database activity and Backtrack activity.",
             "title": "5. Amazon RDS - Aurora MySQL Global Database and Backtrack Activity",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -4431,14 +4830,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BacktrackChangeRecordsCreationRate statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The number of backtrack change records created over five minutes for your DB cluster.",
@@ -4455,14 +4857,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BacktrackChangeRecordsStored statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The actual number of backtrack change records used by your DB cluster.",
@@ -4479,14 +4884,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BacktrackWindowActual statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The difference between the target backtrack window and the actual backtrack window.",
@@ -4503,14 +4911,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=BacktrackWindowAlert statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The number of times that the actual backtrack window is smaller than the target backtrack window for a given period of time.",
@@ -4545,14 +4956,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraGlobalDBReplicatedWriteIO statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "In an Aurora Global Database, the number of write I/O operations replicated from the primary AWS Region to the cluster volume in a secondary AWS Region. The billing calculations for the secondary AWS Regions in a global database use VolumeWriteIOPS to account for writes performed within the cluster. The billing calculations for the primary AWS Region in a global database use VolumeWriteIOPS to account for the write activity within that cluster, and AuroraGlobalDBReplicatedWriteIO to account for cross-region replication within the global database.",
@@ -4569,14 +4983,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraGlobalDBDataTransferBytes statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "In an Aurora Global Database, the amount of redo log data transferred from the master AWS Region to a secondary AWS Region.",
@@ -4593,14 +5010,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=AuroraGlobalDBReplicationLag statistic=average account={{account}} region={{region}} dbidentifier={{dbidentifier}} | avg by dbidentifier, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "For an Aurora Global Database, the amount of lag when replicating updates from the primary AWS Region, in milliseconds.",
@@ -4622,7 +5042,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4636,7 +5057,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4650,7 +5072,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4664,7 +5087,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []

From ad694122ddd182f2e440f63cf3a35bf2d8cfdbc7 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Mon, 30 May 2022 19:04:13 +0530
Subject: [PATCH 18/82] Updated filter for namespace for RDS app dashboards.

---
 aws-observability/json/Rds-App.json | 32 ++++++++++++++---------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/aws-observability/json/Rds-App.json b/aws-observability/json/Rds-App.json
index 4ba94196..2dc7282b 100644
--- a/aws-observability/json/Rds-App.json
+++ b/aws-observability/json/Rds-App.json
@@ -1044,11 +1044,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2164,11 +2164,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2697,11 +2697,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2983,11 +2983,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -3643,11 +3643,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -4073,11 +4073,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -4718,11 +4718,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -5063,11 +5063,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/rds",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/rds",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,

From c4fb4d4f22c1ac088b917f7f48ba66d5328b1fb8 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Tue, 31 May 2022 18:38:07 +0530
Subject: [PATCH 19/82] commented RCE dashboards installation

---
 aws-observability-terraform/app-modules/rce/app.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/aws-observability-terraform/app-modules/rce/app.tf b/aws-observability-terraform/app-modules/rce/app.tf
index 5d94b50b..bfc63a3a 100644
--- a/aws-observability-terraform/app-modules/rce/app.tf
+++ b/aws-observability-terraform/app-modules/rce/app.tf
@@ -12,12 +12,12 @@ module "rce_module" {
   # ********************** No FERs for RCE ********************** #
 
   # ********************** Apps - RCE dashboards only ********************** #
-  managed_apps = {
-    "RceApp" = {
-      content_json = join("", [var.json_file_directory_path, "/aws-observability/json/Rce-App.json"])
-      folder_id    = var.app_folder_id
-    }
-  }
+  # managed_apps = {
+  #   "RceApp" = {
+  #     content_json = join("", [var.json_file_directory_path, "/aws-observability/json/Rce-App.json"])
+  #     folder_id    = var.app_folder_id
+  #   }
+  # }
 
   # ********************** Monitors ********************** #
 }

From b22aa9657f3243ea541c8f53193639fa4be0ac9f Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Wed, 1 Jun 2022 14:49:37 +0530
Subject: [PATCH 20/82] Adding source module examples and test cases

---
 .../app-modules/outputs.tf                    |  15 +
 .../sourcemodule/overrideSources/LICENSE      |  13 +
 .../sourcemodule/overrideSources/README.md    |  60 +++
 .../sourcemodule/overrideSources/field.tf     |  97 +++++
 .../sourcemodule/overrideSources/fields.sh    | 101 +++++
 .../overrideSources/main.auto.tfvars          |  26 ++
 .../sourcemodule/overrideSources/main.tf      | 142 +++++++
 .../sourcemodule/overrideSources/output.tf    | 216 +++++++++++
 .../sourcemodule/overrideSources/providers.tf |  21 +
 .../sourcemodule/overrideSources/variables.tf | 358 ++++++++++++++++++
 .../sourcemodule/overrideSources/versions.tf  |  22 ++
 .../examples/sourcemodule/testSource/LICENSE  |  13 +
 .../sourcemodule/testSource/README.md         |  60 +++
 .../examples/sourcemodule/testSource/field.tf |  97 +++++
 .../sourcemodule/testSource/fields.sh         | 101 +++++
 .../sourcemodule/testSource/main.auto.tfvars  |  10 +
 .../examples/sourcemodule/testSource/main.tf  |  40 ++
 .../sourcemodule/testSource/output.tf         | 223 +++++++++++
 .../sourcemodule/testSource/providers.tf      |  21 +
 .../sourcemodule/testSource/variables.tf      | 358 ++++++++++++++++++
 .../sourcemodule/testSource/versions.tf       |  22 ++
 .../source-module/local.tf                    |   2 +-
 .../source-module/main.tf                     |   2 +-
 .../test/appmodule/app_test.go                |  30 +-
 .../test/appmodule/validateSumo.go            |   2 +-
 .../test/sourcemodule/README.md               |  72 ++++
 .../test/sourcemodule/source_test.go          | 296 +++++++++++++++
 .../test/sourcemodule/terraform.go            |  48 +++
 .../test/sourcemodule/unit_tests.sh           |  38 ++
 .../test/sourcemodule/utils.go                |  47 +++
 .../test/sourcemodule/validateAWS.go          | 149 ++++++++
 .../test/sourcemodule/validateSumo.go         |  56 +++
 32 files changed, 2734 insertions(+), 24 deletions(-)
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/LICENSE
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/README.md
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/main.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/output.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/providers.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/variables.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/LICENSE
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/README.md
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/field.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/fields.sh
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/main.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/output.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/providers.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/variables.tf
 create mode 100644 aws-observability-terraform/examples/sourcemodule/testSource/versions.tf
 create mode 100644 aws-observability-terraform/test/sourcemodule/README.md
 create mode 100644 aws-observability-terraform/test/sourcemodule/source_test.go
 create mode 100644 aws-observability-terraform/test/sourcemodule/terraform.go
 create mode 100644 aws-observability-terraform/test/sourcemodule/unit_tests.sh
 create mode 100644 aws-observability-terraform/test/sourcemodule/utils.go
 create mode 100644 aws-observability-terraform/test/sourcemodule/validateAWS.go
 create mode 100644 aws-observability-terraform/test/sourcemodule/validateSumo.go

diff --git a/aws-observability-terraform/app-modules/outputs.tf b/aws-observability-terraform/app-modules/outputs.tf
index 44650f6f..16014fb6 100644
--- a/aws-observability-terraform/app-modules/outputs.tf
+++ b/aws-observability-terraform/app-modules/outputs.tf
@@ -161,4 +161,19 @@ output "sumologic_metric_rules_nlb" {
 output "sumologic_content_rce" {
   value       = module.rce_app.sumologic_content
   description = "This output contains rce Apps."
+}
+
+output "sumologic_hierarchy" {
+  value       = sumologic_hierarchy.awso_hierarchy
+  description = "This output contains rce Apps."
+}
+
+output "sumologic_apps_folder" {
+  value       = sumologic_folder.apps_folder
+  description = "This output contains rce Apps."
+}
+
+output "sumologic_monitors_folder" {
+  value       = sumologic_monitor_folder.monitor_folder
+  description = "This output contains rce Apps."
 }
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/LICENSE b/aws-observability-terraform/examples/sourcemodule/overrideSources/LICENSE
new file mode 100644
index 00000000..f9b9ffe9
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2020. Sumo Logic Inc., All Rights Reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md b/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md
new file mode 100644
index 00000000..647b7397
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md
@@ -0,0 +1,60 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.13.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
+| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [sumologic_field.account](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.accountid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.loadbalancername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.namespace](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
+| <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_folder_installation_location"></a> [sumologic\_folder\_installation\_location](#input\_sumologic\_folder\_installation\_location) | Indicates where to install the app folder. Enter "Personal Folder" for installing in "Personal" folder and "Admin Recommended Folder" for installing in "Admin Recommended" folder. | `string` | `"Personal Folder"` | no |
+| <a name="input_sumologic_folder_share_with_org"></a> [sumologic\_folder\_share\_with\_org](#input\_sumologic\_folder\_share\_with\_org) | Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable. | `bool` | `true` | no |
+| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
+| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf
new file mode 100644
index 00000000..1b7dc985
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf
@@ -0,0 +1,97 @@
+# common fields
+resource "sumologic_field" "account" {
+    data_type  = "String"
+    field_name = "account"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "region" {
+    data_type  = "String"
+    field_name = "region"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "accountid" {
+    data_type  = "String"
+    field_name = "accountid"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "namespace" {
+    data_type  = "String"
+    field_name = "namespace"
+    state      = "Enabled"
+}
+
+# Used in ALB
+resource "sumologic_field" "loadbalancer" {
+    data_type  = "String"
+    field_name = "loadbalancer"
+    state      = "Enabled"
+}
+
+# Used in Classic LB
+resource "sumologic_field" "loadbalancername" {
+    data_type  = "String"
+    field_name = "loadbalancername"
+    state      = "Enabled"
+}
+
+# Used in API gateway
+resource "sumologic_field" "apiname" {
+    data_type  = "String"
+    field_name = "apiname"
+    state      = "Enabled"
+}
+
+# Used in DynamoDB
+resource "sumologic_field" "tablename" {
+    data_type  = "String"
+    field_name = "tablename"
+    state      = "Enabled"
+}
+
+# Used in EC2
+resource "sumologic_field" "instanceid" {
+    data_type  = "String"
+    field_name = "instanceid"
+    state      = "Enabled"
+}
+
+# Used in ECS
+resource "sumologic_field" "clustername" {
+    data_type  = "String"
+    field_name = "clustername"
+    state      = "Enabled"
+}
+
+# Used in Elasticache
+resource "sumologic_field" "cacheclusterid" {
+    data_type  = "String"
+    field_name = "cacheclusterid"
+    state      = "Enabled"
+}
+
+# Used in Lambda
+resource "sumologic_field" "functionname" {
+    data_type  = "String"
+    field_name = "functionname"
+    state      = "Enabled"
+}
+
+# Used in NLB
+resource "sumologic_field" "networkloadbalancer" {
+    data_type  = "String"
+    field_name = "networkloadbalancer"
+    state      = "Enabled"
+}
+
+# Used in RDS
+resource "sumologic_field" "dbidentifier" {
+    data_type  = "String"
+    field_name = "dbidentifier"
+    state      = "Enabled"
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh b/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh
new file mode 100644
index 00000000..5d4d83eb
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh
@@ -0,0 +1,101 @@
+#! /bin/bash
+
+# ----------------------------------------------------------------------------------------------------------------------------------------------------------
+# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+# Before using this script, set following environment variables using below commands:
+# export SUMOLOGIC_ENV=""
+# export SUMOLOGIC_ACCESSID=""
+# export SUMOLOGIC_ACCESSKEY=""
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+# Validate Sumo Logic environment/deployment.
+if ! [[ "$SUMOLOGIC_ENV" =~ ^(au|ca|de|eu|jp|us2|in|fed|us1)$ ]]; then
+    echo "$SUMOLOGIC_ENV is invalid Sumo Logic deployment. For SUMOLOGIC_ENV, provide one from list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+    exit 1
+fi
+
+# Get Sumo Logic api endpoint based on SUMOLOGIC_ENV
+if [ "${SUMOLOGIC_ENV}" == "us1" ];then
+    SUMOLOGIC_BASE_URL="https://api.sumologic.com/api/"
+else
+    SUMOLOGIC_BASE_URL="https://api.${SUMOLOGIC_ENV}.sumologic.com/api/"
+fi
+
+# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
+declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+
+function get_remaining_fields() {
+    local RESPONSE
+    readonly RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/fields/quota)"
+
+    echo "${RESPONSE}"
+}
+
+# Check if we'd have at least 13 fields remaining after additional fields
+# would be created for the collection
+function should_create_fields() {
+    local RESPONSE
+    readonly RESPONSE=$(get_remaining_fields)
+
+    if ! jq -e <<< "${RESPONSE}" ; then
+        printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
+        # Credential Issue
+        return 2
+    fi
+    
+    if ! jq -e '.remaining' <<< "${RESPONSE}" ; then
+        printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
+        # Permissions/credential issuses
+        return 3
+    fi
+
+    local REMAINING
+    readonly REMAINING=$(jq -e '.remaining' <<< "${RESPONSE}")
+  
+    if [ $REMAINING -ge ${#awso_list[*]} ] ; then
+        # Function returning with success
+        return 0
+    else
+        # Capacity not enough to create new fields
+        return 1
+    fi
+}
+
+should_create_fields
+outputVal=$?
+# Sumo Logic fields in field schema - Decide to import
+if [ $outputVal == 0 ] ; then
+    # Get list of all fields present in field schema of user's Sumo Logic org.
+    readonly FIELDS_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/fields | jq '.data[]' )"
+
+    for FIELD in "${awso_list[@]}" ; do
+        FIELD_ID=$( echo "${FIELDS_RESPONSE}" | jq -r "select(.fieldName == \"${FIELD}\") | .fieldId" )
+        if [[ -z "${FIELD_ID}" ]]; then
+            # If field is not present in Sumo org, skip importing
+            continue
+        fi
+        # Field exist in Sumo org, hence import
+        terraform import \
+            sumologic_field."${FIELD}" "${FIELD_ID}"
+    done
+elif [ $outputVal == 1 ] ; then
+    echo "Couldn't automatically create fields"
+    echo "You do not have enough field capacity to create the required fields automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+elif [ $outputVal == 2 ] ; then
+    echo "Error in calling Sumo Logic Fields API."
+    echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
+elif [ $outputVal == 3 ] ; then
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+else
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+fi
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars b/aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
new file mode 100644
index 00000000..06c3dde8
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
@@ -0,0 +1,26 @@
+####### BELOW ARE REQUIRED PARAMETERS FOR TERRAFORM SCRIPT #######
+# Visit - https://help.sumologic.com/Solutions/AWS_Observability_Solution/03_Set_Up_the_AWS_Observability_Solution#sumo-logic-access-configuration-required
+
+sumologic_environment     = ""   # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, jp, us2, in, fed or us1.
+sumologic_access_id       = ""
+sumologic_access_key      = ""
+sumologic_organization_id = ""  # Please replace <YOUR SUMO ORG ID> (including brackets) with your Sumo Logic Organization ID.
+aws_account_alias         = ""  # Please replace <YOUR AWS ACCOUNT ALIAS> with an AWS account alias for identification in Sumo Logic Explorer View, metrics and logs.
+# Example: https://api.sumologic.com/api/ Please update with your sumologic api endpoint. Refer, https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security
+sumo_api_endpoint         = ""  #"<YOUR SUMOLOGIC API ENDPOINT>"
+
+# # passing values
+# executeTest1 = "true"
+# executeTest2 = "true"
+# executeTest3 = "true"
+# executeTest4 = "true"
+# collector_id = ""
+# s3_name = ""
+# create_collector = false
+# collect_elb = "true"
+# collect_classic_lb = "true"
+# collect_cloudtrail = "true"
+# collect_rce = "Xray Source"
+# collect_logs_cloudwatch = "Kinesis Firehose Log Source"
+# collect_metric_cloudwatch = "CloudWatch Metrics Source"
+# create_s3_bucket = false
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/main.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/main.tf
new file mode 100644
index 00000000..324e45ac
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/main.tf
@@ -0,0 +1,142 @@
+# The below module is used to install AWS and Sumo Logic resources to collect logs and metrics from AWS into Sumo Logic.
+# NOTE - For multi account and multi region deployment, copy the module and provide different aws provider for region and account.
+#
+module "collection-module" {
+  source = "../../../source-module"
+
+  aws_account_alias         = var.aws_account_alias
+  sumologic_organization_id = var.sumologic_organization_id
+  access_id                 = var.sumologic_access_id
+  access_key                = var.sumologic_access_key
+  environment               = var.sumologic_environment
+
+  sumologic_existing_collector_details = {
+    create_collector = var.create_collector
+    collector_id = var.collector_id
+  }
+
+  # ALB logs
+  # elb_source_url = "https://api.sumologic.com/api/v1/collectors/185689129/sources/916197188"
+  collect_elb_logs = var.collect_elb
+  elb_source_details = {
+    source_name     = "Elb Logs us-east-1"
+    source_category = "aws/observability/alb/logs"
+    description     = "This source is created using the Sumo Logic terraform AWS Observability module to collect AWS ELB logs."
+    bucket_details = {
+        create_bucket        = var.create_s3_bucket
+        bucket_name          = var.s3_name
+        path_expression      = "*AWSLogs/*/elasticloadbalancing/*/*"
+        force_destroy_bucket = false
+    }
+    fields = {}
+  }
+
+  # CLB logs
+  # classic_lb_log_source_url = "https://api.sumologic.com/api/v1/collectors/185689129/sources/916197188"
+  collect_classic_lb_logs = var.collect_classic_lb
+  classic_lb_source_details = {
+  source_name     = "Classic lb Logs us-east-1"
+  source_category = "aws/observability/clb/logs"
+  description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs."
+  bucket_details = {
+      create_bucket        = var.create_s3_bucket
+      bucket_name          = var.s3_name
+      path_expression      = "*AWSLogs/*/elasticloadbalancing/*/*"
+      force_destroy_bucket = false
+  }
+  fields = {}
+}
+
+  # CW logs 
+  # logs_source_url = "https://api.sumologic.com/api/v1/collectors/185689129/sources/915277706"
+  collect_cloudwatch_logs = var.collect_logs_cloudwatch
+  cloudwatch_logs_source_details = {
+  "bucket_details": {
+    "bucket_name": var.s3_name,
+    "create_bucket": var.create_s3_bucket,
+    "force_destroy_bucket": true
+  },
+  "lambda_log_forwarder_config": {
+   "email_id": "abc@example.com",
+   "include_log_group_info": true,
+   "log_format": "Others",
+   "log_stream_prefix": [],
+   "workers": 4
+ },
+  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch Logs.",
+  "fields": {},
+  "source_category": "aws/observability/cloudwatch/logs",
+  "source_name": "CloudWatch Logs (Region)"
+}
+  
+  # Enable Collection of Cloudtrail logs
+  collect_cloudtrail_logs   = var.collect_cloudtrail
+  cloudtrail_source_details = {
+  source_name     = "CloudTrail Logs us-east-1"
+  source_category = "aws/observability/cloudtrail/logs"
+  description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS cloudtrail logs."
+  bucket_details = {
+      create_bucket        = var.create_s3_bucket
+      bucket_name          = var.s3_name
+      path_expression      = "AWSLogs/*/CloudTrail/*/*"
+      force_destroy_bucket = false
+  }
+  fields = {}
+}
+
+  # Collect CW metrics
+  collect_cloudwatch_metrics = var.collect_metric_cloudwatch
+  cloudwatch_metrics_source_details = {
+  "bucket_details": {
+    "bucket_name": var.s3_name,
+    "create_bucket": var.create_s3_bucket,
+    "force_destroy_bucket": true
+  },
+  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch metrics.",
+  "fields": {},
+  "limit_to_namespaces": [
+    "AWS/ApiGateway",
+    "AWS/ApplicationELB",
+    "AWS/AppStream",
+    "AWS/CloudFront",
+    "AWS/DMS",
+    "AWS/DX",
+    "AWS/DynamoDB",
+    "AWS/EBS",
+    "AWS/EC2",
+    "AWS/EC2Spot",
+    "AWS/EFS",
+    "AWS/ElastiCache",
+    "AWS/ElasticBeanstalk",
+    "AWS/ElasticMapReduce",
+    "AWS/ELB",
+    "AWS/ECS",
+    "AWS/Firehose",
+    "AWS/Inspector",
+    "AWS/Kinesis",
+    "AWS/KinesisAnalytics",
+    "AWS/KinesisVideo",
+    "AWS/KMS",
+    "AWS/Lambda",
+    "AWS/Logs",
+    "AWS/ML",
+    "AWS/NATGateway",
+    "AWS/NetworkELB",
+    "AWS/OpsWorks",
+    "AWS/RDS",
+    "AWS/Redshift",
+    "AWS/Route53",
+    "AWS/S3",
+    "AWS/SageMaker",
+    "AWS/SQS",
+    "AWS/StorageGateway",
+    "AWS/VPN",
+    "AWS/WorkSpaces"
+    ],
+  "source_category": "aws/observability/cloudwatch/metrics/us-east-1",
+  "source_name": "CloudWatch Metrics us-east-1"
+}
+
+  # RCE
+  collect_root_cause_data = var.collect_rce
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/output.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/output.tf
new file mode 100644
index 00000000..424f8cb7
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/output.tf
@@ -0,0 +1,216 @@
+output "collection_folder_id" {
+  value       = module.collection-module
+  description = "This output contains sumologic Collections output."
+  sensitive = true
+}
+
+output "sumologic_collector" {
+  value       = "${(var.executeTest1 || var.executeTest3) ? module.collection-module.sumologic_collector.collector.id : ""}"
+  description = "This output contains sumologic collector id."
+}
+
+output "aws_s3" {
+  value       = "${var.executeTest1 ? module.collection-module.aws_s3_bucket.s3_bucket.id:""}"
+  description = "This output contains AWS S3 bucket name."
+}
+
+output "aws_sns_topic" {
+  value       = "${var.executeTest1 ? module.collection-module.aws_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "aws_iam_role" {
+  value       = "${var.executeTest2 == false ? module.collection-module.aws_iam_role.sumologic_iam_role.name:""}"
+  description = "This output contains IAM role arn."
+}
+
+output "sumologic_cloudtrail_source" {
+  value       = "${var.collect_cloudtrail == true ? module.collection-module.cloudtrail_source.id : ""}"
+  description = "This output contains sumologic CloudTrail source id."
+}
+
+# Comment in case of test 4
+# output "aws_cloudtrail_name" {
+#   value       = "${var.collect_cloudtrail == true ? module.collection-module.aws_cloudtrail.cloudtrail.name : ""}"
+#   description = "This output contains CloudTrail Name."
+# }
+
+output "cloudtrail_sns_topic" {
+  value       = "${var.executeTest4 ? module.collection-module.cloudtrail_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "cloudtrail_sns_sub" {
+  value       = "${var.collect_cloudtrail == true ? module.collection-module.cloudtrail_sns_subscription.arn : ""}"
+  description = "This output contains Cloudtrail AWS SNS subscription arn."
+}
+
+output "sumologic_kinesis_firehose_for_metrics_source" {
+  value       = "${var.collect_metric_cloudwatch == "Kinesis Firehose Metrics Source" ? module.collection-module.kinesis_firehose_for_metrics_source.id : ""}"
+  description = "This output contains sumologic kinesis firehose for metrics source id."
+}
+
+output "kf_metrics_stream" {
+  value       = "${var.collect_metric_cloudwatch == "Kinesis Firehose Metrics Source" ? module.collection-module.aws_kinesis_firehose_metrics_delivery_stream.name : ""}"
+  description = "This output contains Kinesis Firehose for metrics stream Name."
+}
+
+output "cw_metrics_stream" {
+  value       = "${var.collect_metric_cloudwatch == "Kinesis Firehose Metrics Source" ? module.collection-module.aws_cloudwatch_metric_stream.name : ""}"
+  description = "This output contains CloudWatch metrics stream Name."
+}
+
+# output "sumologic_cloudwatch_metrics_source" {
+#   value       = "${var.collect_metric_cloudwatch == "CloudWatch Metrics Source" ? module.collection-module.cloudwatch_metrics_source.id : ""}"
+#   description = "This output contains sumologic CloudWatch metrics source id."
+# }
+
+output "sumologic_kinesis_firehose_for_logs_source" {
+  value       = "${var.collect_logs_cloudwatch == "Kinesis Firehose Log Source" ? module.collection-module.kinesis_firehose_for_logs_source.id : ""}"
+  description = "This output contains sumologic kinesis firehose for logs source id."
+}
+
+output "kf_logs_auto_enable_stack" {
+  value       = "${var.collect_logs_cloudwatch == "Kinesis Firehose Log Source" ? module.collection-module.kinesis_firehose_for_logs_auto_subscribe_stack.auto_enable_logs_subscription.id : ""}"
+  description = "This output contains Kinesis Firehose for logs auto enable CloudFormation Name."
+}
+
+output "kf_logs_stream" {
+  value       = "${var.collect_logs_cloudwatch == "Kinesis Firehose Log Source" ? module.collection-module.aws_kinesis_firehose_logs_delivery_stream.name : ""}"
+  description = "This output contains Kinesis Firehose for logs stream Name."
+}
+
+output "sumologic_cloudwatch_logs_source" {
+  value       = "${var.collect_logs_cloudwatch == "Lambda Log Forwarder" ? module.collection-module.cloudwatch_logs_source.id : ""}"
+  description = "This output contains sumologic CloudWatch log source id."
+}
+
+output "cw_logs_auto_enable_stack" {
+  value       = "${var.collect_logs_cloudwatch == "Lambda Log Forwarder" ? module.collection-module.cloudwatch_logs_auto_subscribe_stack.auto_enable_logs_subscription.id : ""}"
+  description = "This output contains CloudWatch logs cloudFormation stack."
+}
+
+output "log_forwarder_lambda_name" {
+  value       = "${var.collect_logs_cloudwatch == "Lambda Log Forwarder" ? module.collection-module.cloudwatch_logs_lambda_function.id : ""}"
+  description = "This output contains Lambda logs forwarder Function Name."
+}
+
+output "sumologic_classic_lb_source" {
+  value       = "${var.collect_classic_lb == true ? module.collection-module.classic_lb_source.id : ""}"
+  description = "This output contains sumologic Classic ELB source id."
+}
+
+output "classic_lb_sns_topic" {
+  value       = "${var.executeTest4 ? module.collection-module.classic_lb_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "classic_lb_sns_sub" {
+  value       = "${var.collect_classic_lb == true ? module.collection-module.classic_lb_sns_subscription.arn : ""}"
+  description = "This output contains Classic ELB AWS SNS subscription arn."
+}
+
+output "clb_auto_enable_stack" {
+  value       = "${var.collect_classic_lb == true ? module.collection-module.classic_lb_auto_enable_stack.auto_enable_access_logs.id : ""}"
+  description = "This output contains CLB auto enable CloudFormation Name."
+}
+
+output "sumologic_elb_source" {
+  value       = "${var.collect_elb == true ? module.collection-module.elb_source.id : ""}"
+  description = "This output contains sumologic ALB source id."
+}
+
+output "alb_sns_topic" {
+  value       = "${var.executeTest4 ? module.collection-module.elb_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "alb_sns_sub" {
+  value       = "${var.collect_elb == true ? module.collection-module.elb_sns_subscription.arn : ""}"
+  description = "This output contains ALB AWS SNS subscription arn."
+}
+
+output "alb_auto_enable_stack" {
+  value       = "${var.collect_elb == true ? module.collection-module.elb_auto_enable_stack.auto_enable_access_logs.id : ""}"
+  description = "This output contains ALB auto enable CloudFormation Name."
+}
+
+output "sumologic_inventory_source" {
+  value       = "${(var.collect_rce == "Both" || var.collect_rce == "Inventory Source") ? module.collection-module.inventory_source.aws_inventory_source.id : ""}"
+  description = "This output contains sumologic aws inventory source id."
+}
+
+output "sumologic_xray_source" {
+  value       = "${(var.collect_rce == "Both" || var.collect_rce == "Xray Source") ? module.collection-module.xray_source.aws_xray_source.id : ""}"
+  description = "This output contains sumologic aws xray source id."
+}
+
+output "sumologic_field_account" {
+  value       = sumologic_field.account.id
+  description = "This output contains sumologic Account field id."
+}
+
+output "sumologic_field_region" {
+  value       = sumologic_field.region.id
+  description = "This output contains sumologic Region field id."
+}
+
+output "sumologic_field_accountid" {
+  value       = sumologic_field.accountid.id
+  description = "This output contains sumologic accountid field id."
+}
+
+output "sumologic_field_namespace" {
+  value       = sumologic_field.namespace.id
+  description = "This output contains sumologic namespace field id."
+}
+
+output "sumologic_field_loadbalancer" {
+  value       = sumologic_field.loadbalancer.id
+  description = "This output contains sumologic loadbalancer field id."
+}
+
+output "sumologic_field_loadbalancername" {
+  value       = sumologic_field.loadbalancername.id
+  description = "This output contains sumologic loadbalancername field id."
+}
+
+output "sumologic_field_apiname" {
+  value       = sumologic_field.apiname.id
+  description = "This output contains sumologic apiname field id."
+}
+
+output "sumologic_field_tablename" {
+  value       = sumologic_field.tablename.id
+  description = "This output contains sumologic tablename field id."
+}
+
+output "sumologic_field_instanceid" {
+  value       = sumologic_field.instanceid.id
+  description = "This output contains sumologic instanceid field id."
+}
+
+output "sumologic_field_clustername" {
+  value       = sumologic_field.clustername.id
+  description = "This output contains sumologic clustername field id."
+}
+
+output "sumologic_field_cacheclusterid" {
+  value       = sumologic_field.cacheclusterid.id
+  description = "This output contains sumologic cacheclusterid field id."
+}
+
+output "sumologic_field_functionname" {
+  value       = sumologic_field.functionname.id
+  description = "This output contains sumologic functionname field id."
+}
+
+output "sumologic_field_networkloadbalancer" {
+  value       = sumologic_field.networkloadbalancer.id
+  description = "This output contains sumologic networkloadbalancer field id."
+}
+
+output "sumologic_field_dbidentifier" {
+  value       = sumologic_field.dbidentifier.id
+  description = "This output contains sumologic dbidentifier field id."
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/providers.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/providers.tf
new file mode 100644
index 00000000..413e6d80
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/providers.tf
@@ -0,0 +1,21 @@
+provider "sumologic" {
+  environment = var.sumologic_environment
+  access_id   = var.sumologic_access_id
+  access_key  = var.sumologic_access_key
+  admin_mode  = var.sumologic_folder_installation_location == "Personal Folder" ? false : true
+}
+
+provider "aws" {
+  region = "us-east-1"
+  #
+  # Below properties should be added when you would like to onboard more than one region and account
+  # More Information regarding AWS Profile can be found at -
+  #
+  # Access configuration
+  #
+  # profile = <Provide a profile as setup in AWS CLI>
+  #
+  # Terraform alias
+  #
+  # alias = <Provide a terraform alias for the aws provider. For eg :- production-us-east-1>
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/variables.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/variables.tf
new file mode 100644
index 00000000..75f5ee84
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/variables.tf
@@ -0,0 +1,358 @@
+variable "sumologic_environment" {
+  type        = string
+  description = "Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+
+  validation {
+    condition = contains([
+      "au",
+      "ca",
+      "de",
+      "eu",
+      "jp",
+      "us1",
+      "us2",
+      "in",
+    "fed"], var.sumologic_environment)
+    error_message = "The value must be one of au, ca, de, eu, jp, us1, us2, in, or fed."
+  }
+}
+
+variable "sumologic_access_id" {
+  type        = string
+  description = "Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_access_id))
+    error_message = "The SumoLogic access ID must contain valid characters."
+  }
+}
+
+variable "sumologic_access_key" {
+  type        = string
+  description = "Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+  #sensitive = true
+
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_access_key))
+    error_message = "The SumoLogic access key must contain valid characters."
+  }
+  
+}
+
+variable "sumologic_organization_id" {
+  type        = string
+  description = <<EOT
+            You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."
+            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page
+        EOT
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_organization_id))
+    error_message = "The organization ID must contain valid characters."
+  }
+}
+
+variable "aws_account_alias" {
+  type        = string
+  description = <<EOT
+            Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.
+            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.
+            Do not include special characters in the alias.
+        EOT
+  validation {
+    condition     = can(regex("[a-z0-9]*", var.aws_account_alias))
+    error_message = "Alias must only contain lowercase letters, number and length less than or equal to 30 characters."
+  }
+}
+
+variable "sumologic_folder_installation_location" {
+  type        = string
+  description = "Indicates where to install the app folder. Enter \"Personal Folder\" for installing in \"Personal\" folder and \"Admin Recommended Folder\" for installing in \"Admin Recommended\" folder."
+  validation {
+    condition = contains([
+      "Personal Folder",
+      "Admin Recommended Folder"], var.sumologic_folder_installation_location)
+    error_message = "The value must be one of \"Personal Folder\" or \"Admin Recommended Folder\"."
+  }
+  default     = "Personal Folder"
+
+}
+
+variable "sumologic_folder_share_with_org" {
+  type        = bool
+  description = "Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable."
+  default     = true
+
+}
+
+variable "sumo_api_endpoint" {
+  type = string
+  validation {
+    condition = contains([
+      "https://api.au.sumologic.com/api/",
+    "https://api.ca.sumologic.com/api/", "https://api.de.sumologic.com/api/", "https://api.eu.sumologic.com/api/", "https://api.fed.sumologic.com/api/", "https://api.in.sumologic.com/api/", "https://api.jp.sumologic.com/api/", "https://api.sumologic.com/api/", "https://api.us2.sumologic.com/api/"], var.sumo_api_endpoint)
+    error_message = "Argument \"sumo_api_endpoint\" must be one of the values specified at https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security."
+  }
+}
+
+variable "apps_folder" {
+  type        = string
+  description = <<EOT
+            Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
+            Default value will be: AWS Observability Apps
+        EOT
+  default     = "AWS Observability Apps"
+}
+
+variable "monitors_folder" {
+  type        = string
+  description = <<EOT
+            Provide a folder name where all the monitors will be installed under Monitor Folder.
+            Default value will be: AWS Observability Monitors
+        EOT
+  default     = "AWS Observability Monitors"
+}
+
+variable "alb_monitors" {
+  type        = bool
+  description = "Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "ec2metrics_monitors" {
+  type        = bool
+  description = "Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "ecs_monitors" {
+  type        = bool
+  description = "Indicates if ECS Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "elasticache_monitors" {
+  type        = bool
+  description = "Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "collect_elb" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic ALB Logs Source.
+            You have the following options:
+			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects application load balancer logs from an existing bucket or a new bucket.
+			If true, please configure \"elb_source_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.
+			false - you are already ingesting load balancer logs into Sumo Logic.
+		EOT
+  default     = true
+}
+
+variable "collect_classic_lb" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic Classic LB Logs Source.
+            You have the following options:
+			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects classic load balancer logs from an existing bucket or a new bucket.
+			If true, please configure \"classic_lb_source_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.
+			false - you are already ingesting load balancer logs into Sumo Logic.
+		EOT
+  default     = true
+}
+
+variable "collect_logs_cloudwatch" {
+  type        = string
+  description = <<EOT
+            Select the kind of Sumo Logic CloudWatch Logs Sources to create
+            You have the following options:
+            "Lambda Log Forwarder" - Creates a Sumo Logic CloudWatch Log Source that collects CloudWatch logs via a Lambda function.
+            "Kinesis Firehose Log Source" - Creates a Sumo Logic Kinesis Firehose Log Source to collect CloudWatch logs.
+            "None" - Skips installation of both sources.
+        EOT
+  validation {
+    condition = contains([
+      "Lambda Log Forwarder",
+      "Kinesis Firehose Log Source",
+    "None", ], var.collect_logs_cloudwatch)
+    error_message = "The value must be one of \"Lambda Log Forwarder\", \"Kinesis Firehose Log Source\", and None."
+  }
+  default = "Kinesis Firehose Log Source"
+}
+
+variable "collect_cloudtrail" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic CloudTrail Logs Source.
+            You have the following options:
+			true - to ingest cloudtrail logs into Sumo Logic. Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.
+			If true, please configure \"cloudtrail_source_details\" with configuration information to ingest cloudtrail logs.
+			false - you are already ingesting cloudtrail logs into Sumo Logic.
+		EOT
+  default     = true
+}
+
+variable "collect_metric_cloudwatch" {
+  type        = string
+  description = <<EOT
+            Select the kind of CloudWatch Metrics Source to create
+            You have the following options:
+            "CloudWatch Metrics Source" - Creates Sumo Logic AWS CloudWatch Metrics Sources.
+            "Kinesis Firehose Metrics Source" (Recommended) - Creates a Sumo Logic AWS Kinesis Firehose for Metrics Source. Note: This new source has cost and performance benefits over the CloudWatch Metrics Source and is therefore recommended.
+            "None" - Skips the Installation of both the Sumo Logic Metric Sources
+        EOT
+  validation {
+    condition = contains([
+      "CloudWatch Metrics Source",
+      "Kinesis Firehose Metrics Source",
+    "None", ], var.collect_metric_cloudwatch)
+    error_message = "The value must be one of \"CloudWatch Metrics Source\", \"Kinesis Firehose Metrics Source\", and None."
+  }
+  default = "Kinesis Firehose Metrics Source"
+}
+
+variable "collect_rce" {
+  type        = string
+  description = <<EOT
+            Select the Sumo Logic Root Cause Explorer Source.
+            You have the following options:
+            Inventory Source - Creates a Sumo Logic Inventory Source used by Root Cause Explorer.
+            Xray Source - Creates a Sumo Logic AWS X-Ray Source that collects X-Ray Trace Metrics from your AWS account.
+            Both - Install both Inventory and Xray sources.
+            None - Skips installation of both sources.
+        EOT
+  validation {
+    condition = contains([
+      "Inventory Source",
+      "Xray Source",
+      "Both",
+    "None", ], var.collect_rce)
+    error_message = "The value must be one of \"Inventory Source\", \"Xray Source\", \"Both\" and None."
+  }
+  default = "Both"
+}
+
+variable "elb_details" {
+  type = object({
+    source_name     = string
+    source_category = string
+    description     = string
+    bucket_details = object({
+      create_bucket        = bool
+      bucket_name          = string
+      path_expression      = string
+      force_destroy_bucket = bool
+    })
+    fields = map(string)
+  })
+  description = <<EOT
+            Provide details for the Sumo Logic ALB source. If not provided, then defaults will be used.
+            To enable collection of application load balancer logs, set collect_elb_logs to true and provide configuration information for the bucket.
+            If create_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.
+            If create_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.
+            path_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *elasticloadbalancing/AWSLogs/*/elasticloadbalancing/*/*
+        EOT
+  default = {
+    source_name     = "Elb Logs (Region)"
+    source_category = "aws/observability/alb/logs"
+    description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Application LoadBalancer logs."
+    bucket_details = {
+      create_bucket        = true
+      bucket_name          = "aws-observability-random-id"
+      path_expression      = "*elasticloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"
+      force_destroy_bucket = true
+    }
+    fields = {}
+  }
+  validation {
+    condition     = can(regex("[a-z0-9-.]{3,63}$", var.elb_details.bucket_details.bucket_name))
+    error_message = "3-63 characters; must contain only lowercase letters, numbers, hyphen or period. For more details - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html."
+  }
+}
+
+variable "classic_lb_details" {
+  type = object({
+    source_name     = string
+    source_category = string
+    description     = string
+    bucket_details = object({
+      create_bucket        = bool
+      bucket_name          = string
+      path_expression      = string
+      force_destroy_bucket = bool
+    })
+    fields = map(string)
+  })
+  description = <<EOT
+            Provide details for the Sumo Logic Classic Load Balancer source. If not provided, then defaults will be used.
+            To enable collection of classic load balancer logs, set collect_classic_lb_logs to true and provide configuration information for the bucket.
+            If create_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.
+            If create_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.
+            path_expression - This is required in case the above existing bucket is already configured to receive Classic LB access logs. If this is blank, Sumo Logic will store logs in the path expression: *classicloadbalancing/AWSLogs/*/elasticloadbalancing/*/*
+        EOT
+  default = {
+    source_name     = "Classic lb Logs (Region)"
+    source_category = "aws/observability/clb/logs"
+    description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs."
+    bucket_details = {
+      create_bucket        = true
+      bucket_name          = "aws-observability-random-id"
+      path_expression      = "*classicloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"
+      force_destroy_bucket = true
+    }
+    fields = {}
+  }
+  validation {
+    condition     = can(regex("[a-z0-9-.]{3,63}$", var.classic_lb_details.bucket_details.bucket_name))
+    error_message = "3-63 characters; must contain only lowercase letters, numbers, hyphen or period. For more details - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html."
+  }
+}
+variable "create_collector" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic Collector.
+            You have the following options:
+			true - If you want to create collector.
+			false - If you already have a collector.
+		EOT
+  default     = true
+}
+variable "collector_id" {
+  type        = string
+  description = "Required if you already have collector."
+  default = ""
+}
+variable "create_s3_bucket" {
+  type        = bool
+  description = <<EOT
+            Create a AWS S3 bucket.
+            You have the following options:
+			true - If you want to create S3 bucket.
+			false - If you already have a S3 bucket.
+		EOT
+  default     = true
+}
+variable "s3_name" {
+  type        = string
+  description = "Required if you already have a S3 bucket."
+  default = ""
+}
+variable "executeTest1" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
+variable "executeTest2" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
+variable "executeTest3" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
+variable "executeTest4" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf
new file mode 100644
index 00000000..75909178
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf
@@ -0,0 +1,22 @@
+terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.42.0, < 4.0.0"
+    }
+    sumologic = {
+      version = "= 2.13.0"
+      source  = "SumoLogic/sumologic"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.7.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.1.0"
+    }
+  }
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/LICENSE b/aws-observability-terraform/examples/sourcemodule/testSource/LICENSE
new file mode 100644
index 00000000..f9b9ffe9
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2020. Sumo Logic Inc., All Rights Reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/README.md b/aws-observability-terraform/examples/sourcemodule/testSource/README.md
new file mode 100644
index 00000000..647b7397
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/README.md
@@ -0,0 +1,60 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.13.0 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
+| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [sumologic_field.account](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.accountid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.loadbalancername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.namespace](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
+| <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_sumologic_folder_installation_location"></a> [sumologic\_folder\_installation\_location](#input\_sumologic\_folder\_installation\_location) | Indicates where to install the app folder. Enter "Personal Folder" for installing in "Personal" folder and "Admin Recommended Folder" for installing in "Admin Recommended" folder. | `string` | `"Personal Folder"` | no |
+| <a name="input_sumologic_folder_share_with_org"></a> [sumologic\_folder\_share\_with\_org](#input\_sumologic\_folder\_share\_with\_org) | Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable. | `bool` | `true` | no |
+| <a name="input_sumologic_organization_id"></a> [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."<br>            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
+| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/field.tf b/aws-observability-terraform/examples/sourcemodule/testSource/field.tf
new file mode 100644
index 00000000..1b7dc985
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/field.tf
@@ -0,0 +1,97 @@
+# common fields
+resource "sumologic_field" "account" {
+    data_type  = "String"
+    field_name = "account"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "region" {
+    data_type  = "String"
+    field_name = "region"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "accountid" {
+    data_type  = "String"
+    field_name = "accountid"
+    state      = "Enabled"
+}
+
+# common fields
+resource "sumologic_field" "namespace" {
+    data_type  = "String"
+    field_name = "namespace"
+    state      = "Enabled"
+}
+
+# Used in ALB
+resource "sumologic_field" "loadbalancer" {
+    data_type  = "String"
+    field_name = "loadbalancer"
+    state      = "Enabled"
+}
+
+# Used in Classic LB
+resource "sumologic_field" "loadbalancername" {
+    data_type  = "String"
+    field_name = "loadbalancername"
+    state      = "Enabled"
+}
+
+# Used in API gateway
+resource "sumologic_field" "apiname" {
+    data_type  = "String"
+    field_name = "apiname"
+    state      = "Enabled"
+}
+
+# Used in DynamoDB
+resource "sumologic_field" "tablename" {
+    data_type  = "String"
+    field_name = "tablename"
+    state      = "Enabled"
+}
+
+# Used in EC2
+resource "sumologic_field" "instanceid" {
+    data_type  = "String"
+    field_name = "instanceid"
+    state      = "Enabled"
+}
+
+# Used in ECS
+resource "sumologic_field" "clustername" {
+    data_type  = "String"
+    field_name = "clustername"
+    state      = "Enabled"
+}
+
+# Used in Elasticache
+resource "sumologic_field" "cacheclusterid" {
+    data_type  = "String"
+    field_name = "cacheclusterid"
+    state      = "Enabled"
+}
+
+# Used in Lambda
+resource "sumologic_field" "functionname" {
+    data_type  = "String"
+    field_name = "functionname"
+    state      = "Enabled"
+}
+
+# Used in NLB
+resource "sumologic_field" "networkloadbalancer" {
+    data_type  = "String"
+    field_name = "networkloadbalancer"
+    state      = "Enabled"
+}
+
+# Used in RDS
+resource "sumologic_field" "dbidentifier" {
+    data_type  = "String"
+    field_name = "dbidentifier"
+    state      = "Enabled"
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh b/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh
new file mode 100644
index 00000000..5d4d83eb
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh
@@ -0,0 +1,101 @@
+#! /bin/bash
+
+# ----------------------------------------------------------------------------------------------------------------------------------------------------------
+# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+# Before using this script, set following environment variables using below commands:
+# export SUMOLOGIC_ENV=""
+# export SUMOLOGIC_ACCESSID=""
+# export SUMOLOGIC_ACCESSKEY=""
+#-----------------------------------------------------------------------------------------------------------------------------------------------------------
+
+# Validate Sumo Logic environment/deployment.
+if ! [[ "$SUMOLOGIC_ENV" =~ ^(au|ca|de|eu|jp|us2|in|fed|us1)$ ]]; then
+    echo "$SUMOLOGIC_ENV is invalid Sumo Logic deployment. For SUMOLOGIC_ENV, provide one from list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+    exit 1
+fi
+
+# Get Sumo Logic api endpoint based on SUMOLOGIC_ENV
+if [ "${SUMOLOGIC_ENV}" == "us1" ];then
+    SUMOLOGIC_BASE_URL="https://api.sumologic.com/api/"
+else
+    SUMOLOGIC_BASE_URL="https://api.${SUMOLOGIC_ENV}.sumologic.com/api/"
+fi
+
+# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
+declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+
+function get_remaining_fields() {
+    local RESPONSE
+    readonly RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/fields/quota)"
+
+    echo "${RESPONSE}"
+}
+
+# Check if we'd have at least 13 fields remaining after additional fields
+# would be created for the collection
+function should_create_fields() {
+    local RESPONSE
+    readonly RESPONSE=$(get_remaining_fields)
+
+    if ! jq -e <<< "${RESPONSE}" ; then
+        printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
+        # Credential Issue
+        return 2
+    fi
+    
+    if ! jq -e '.remaining' <<< "${RESPONSE}" ; then
+        printf "Failed requesting fields API:\n%s\n" "${RESPONSE}"
+        # Permissions/credential issuses
+        return 3
+    fi
+
+    local REMAINING
+    readonly REMAINING=$(jq -e '.remaining' <<< "${RESPONSE}")
+  
+    if [ $REMAINING -ge ${#awso_list[*]} ] ; then
+        # Function returning with success
+        return 0
+    else
+        # Capacity not enough to create new fields
+        return 1
+    fi
+}
+
+should_create_fields
+outputVal=$?
+# Sumo Logic fields in field schema - Decide to import
+if [ $outputVal == 0 ] ; then
+    # Get list of all fields present in field schema of user's Sumo Logic org.
+    readonly FIELDS_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/fields | jq '.data[]' )"
+
+    for FIELD in "${awso_list[@]}" ; do
+        FIELD_ID=$( echo "${FIELDS_RESPONSE}" | jq -r "select(.fieldName == \"${FIELD}\") | .fieldId" )
+        if [[ -z "${FIELD_ID}" ]]; then
+            # If field is not present in Sumo org, skip importing
+            continue
+        fi
+        # Field exist in Sumo org, hence import
+        terraform import \
+            sumologic_field."${FIELD}" "${FIELD_ID}"
+    done
+elif [ $outputVal == 1 ] ; then
+    echo "Couldn't automatically create fields"
+    echo "You do not have enough field capacity to create the required fields automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+elif [ $outputVal == 2 ] ; then
+    echo "Error in calling Sumo Logic Fields API."
+    echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
+elif [ $outputVal == 3 ] ; then
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+else
+    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+fi
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars b/aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
new file mode 100644
index 00000000..4ae9d3c8
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
@@ -0,0 +1,10 @@
+####### BELOW ARE REQUIRED PARAMETERS FOR TERRAFORM SCRIPT #######
+# Visit - https://help.sumologic.com/Solutions/AWS_Observability_Solution/03_Set_Up_the_AWS_Observability_Solution#sumo-logic-access-configuration-required
+
+sumologic_environment     = ""  # Please replace <YOUR SUMO DEPLOYMENT> (including brackets) with au, ca, de, eu, jp, us2, in, fed or us1.
+sumologic_access_id       = ""
+sumologic_access_key      = ""
+sumologic_organization_id = ""  # Please replace <YOUR SUMO ORG ID> (including brackets) with your Sumo Logic Organization ID.
+aws_account_alias         = ""  # Please replace <YOUR AWS ACCOUNT ALIAS> with an AWS account alias for identification in Sumo Logic Explorer View, metrics and logs.
+# Example: https://api.sumologic.com/api/ Please update with your sumologic api endpoint. Refer, https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security
+sumo_api_endpoint         = "" #"<YOUR SUMOLOGIC API ENDPOINT>"
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/main.tf b/aws-observability-terraform/examples/sourcemodule/testSource/main.tf
new file mode 100644
index 00000000..3b470d6b
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/main.tf
@@ -0,0 +1,40 @@
+# The below module is used to install AWS and Sumo Logic resources to collect logs and metrics from AWS into Sumo Logic.
+# NOTE - For multi account and multi region deployment, copy the module and provide different aws provider for region and account.
+#
+module "collection-module" {
+  source = "../../../source-module"
+
+  aws_account_alias         = var.aws_account_alias
+  sumologic_organization_id = var.sumologic_organization_id
+  access_id                 = var.sumologic_access_id
+  access_key                = var.sumologic_access_key
+  environment               = var.sumologic_environment
+
+  sumologic_existing_collector_details = {
+    create_collector = var.create_collector
+    collector_id = var.collector_id
+  }
+
+  # ALB logs
+  # elb_source_url = "https://api.sumologic.com/api/v1/collectors/185689129/sources/916197188"
+  collect_elb_logs = var.collect_elb
+
+  # CLB logs
+  # classic_lb_log_source_url = "https://api.sumologic.com/api/v1/collectors/185689129/sources/916197188"
+  collect_classic_lb_logs = var.collect_classic_lb
+
+  # CW logs 
+  # logs_source_url = "https://api.sumologic.com/api/v1/collectors/185689129/sources/915277706"
+  collect_cloudwatch_logs = var.collect_logs_cloudwatch
+  
+  # Enable Collection of Cloudtrail logs
+  collect_cloudtrail_logs   = var.collect_cloudtrail
+
+  # Collect CW metrics
+  collect_cloudwatch_metrics = var.collect_metric_cloudwatch
+
+  # RCE
+  collect_root_cause_data = var.collect_rce
+
+  # wait_for_seconds = "10"
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/output.tf b/aws-observability-terraform/examples/sourcemodule/testSource/output.tf
new file mode 100644
index 00000000..b9b2c91a
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/output.tf
@@ -0,0 +1,223 @@
+output "collection_folder_id" {
+  value       = module.collection-module
+  description = "This output contains sumologic Collections output."
+  sensitive = true
+}
+
+# Comment in case of Null collection (test 2 )
+output "sumologic_collector" {
+  value       = "${var.create_collector ? module.collection-module.sumologic_collector.collector.id : ""}"
+  description = "This output contains sumologic collector id."
+}
+
+# Comment in case of Null collection (test 2 and 3, 4)
+output "aws_s3" {
+  value       = "${var.executeTest1 ? module.collection-module.aws_s3_bucket.s3_bucket.id:""}"
+  description = "This output contains AWS S3 bucket name."
+}
+
+# Comment in case of Null collection (test 2 and 3,4)
+output "aws_sns_topic" {
+  value       = "${var.executeTest1 ? module.collection-module.aws_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+# Comment in case of Null collection
+output "aws_iam_role" {
+  value       = "${var.executeTest2 == false ? module.collection-module.aws_iam_role.sumologic_iam_role.name:""}"
+  description = "This output contains IAM role arn."
+}
+
+output "sumologic_cloudtrail_source" {
+  value       = "${var.collect_cloudtrail == true ? module.collection-module.cloudtrail_source.id : ""}"
+  description = "This output contains sumologic CloudTrail source id."
+}
+
+# Comment in case of test 4
+output "aws_cloudtrail_name" {
+  value       = "${var.collect_cloudtrail == true ? module.collection-module.aws_cloudtrail.cloudtrail.name : ""}"
+  description = "This output contains CloudTrail Name."
+}
+
+# Only visible in test 4
+output "cloudtrail_sns_topic" {
+  value       = "${var.executeTest4 ? module.collection-module.cloudtrail_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "cloudtrail_sns_sub" {
+  value       = "${var.collect_cloudtrail == true ? module.collection-module.cloudtrail_sns_subscription.arn : ""}"
+  description = "This output contains Cloudtrail AWS SNS subscription arn."
+}
+
+output "sumologic_kinesis_firehose_for_metrics_source" {
+  value       = "${var.collect_metric_cloudwatch == "Kinesis Firehose Metrics Source" ? module.collection-module.kinesis_firehose_for_metrics_source.id : ""}"
+  description = "This output contains sumologic kinesis firehose for metrics source id."
+}
+
+output "kf_metrics_stream" {
+  value       = "${var.collect_metric_cloudwatch == "Kinesis Firehose Metrics Source" ? module.collection-module.aws_kinesis_firehose_metrics_delivery_stream.name : ""}"
+  description = "This output contains Kinesis Firehose for metrics stream Name."
+}
+
+output "cw_metrics_stream" {
+  value       = "${var.collect_metric_cloudwatch == "Kinesis Firehose Metrics Source" ? module.collection-module.aws_cloudwatch_metric_stream.name : ""}"
+  description = "This output contains CloudWatch metrics stream Name."
+}
+
+# output "sumologic_cloudwatch_metrics_source" {
+#   value       = "${var.collect_metric_cloudwatch == "CloudWatch Metrics Source" ? module.collection-module.cloudwatch_metrics_source.id : ""}"
+#   description = "This output contains sumologic CloudWatch metrics source id."
+# }
+
+output "sumologic_kinesis_firehose_for_logs_source" {
+  value       = "${var.collect_logs_cloudwatch == "Kinesis Firehose Log Source" ? module.collection-module.kinesis_firehose_for_logs_source.id : ""}"
+  description = "This output contains sumologic kinesis firehose for logs source id."
+}
+
+output "kf_logs_auto_enable_stack" {
+  value       = "${var.collect_logs_cloudwatch == "Kinesis Firehose Log Source" ? module.collection-module.kinesis_firehose_for_logs_auto_subscribe_stack.auto_enable_logs_subscription.id : ""}"
+  description = "This output contains Kinesis Firehose for logs auto enable CloudFormation Name."
+}
+
+output "kf_logs_stream" {
+  value       = "${var.collect_logs_cloudwatch == "Kinesis Firehose Log Source" ? module.collection-module.aws_kinesis_firehose_logs_delivery_stream.name : ""}"
+  description = "This output contains Kinesis Firehose for logs stream Name."
+}
+
+output "sumologic_cloudwatch_logs_source" {
+  value       = "${var.collect_logs_cloudwatch == "Lambda Log Forwarder" ? module.collection-module.cloudwatch_logs_source.id : ""}"
+  description = "This output contains sumologic CloudWatch log source id."
+}
+
+output "cw_logs_auto_enable_stack" {
+  value       = "${var.collect_logs_cloudwatch == "Lambda Log Forwarder" ? module.collection-module.cloudwatch_logs_auto_subscribe_stack.auto_enable_logs_subscription.id : ""}"
+  description = "This output contains CloudWatch logs cloudFormation stack."
+}
+
+output "log_forwarder_lambda_name" {
+  value       = "${var.collect_logs_cloudwatch == "Lambda Log Forwarder" ? module.collection-module.cloudwatch_logs_lambda_function.id : ""}"
+  description = "This output contains Lambda logs forwarder Function Name."
+}
+
+output "sumologic_classic_lb_source" {
+  value       = "${var.collect_classic_lb == true ? module.collection-module.classic_lb_source.id : ""}"
+  description = "This output contains sumologic Classic ELB source id."
+}
+
+# Only visible in test 4
+output "classic_lb_sns_topic" {
+  value       = "${var.executeTest4 ? module.collection-module.classic_lb_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "classic_lb_sns_sub" {
+  value       = "${var.collect_classic_lb == true ? module.collection-module.classic_lb_sns_subscription.arn : ""}"
+  description = "This output contains Classic ELB AWS SNS subscription arn."
+}
+
+output "clb_auto_enable_stack" {
+  value       = "${var.collect_classic_lb == true ? module.collection-module.classic_lb_auto_enable_stack.auto_enable_access_logs.id : ""}"
+  description = "This output contains CLB auto enable CloudFormation Name."
+}
+
+output "sumologic_elb_source" {
+  value       = "${var.collect_elb == true ? module.collection-module.elb_source.id : ""}"
+  description = "This output contains sumologic ALB source id."
+}
+
+# Only visible in test 4
+output "alb_sns_topic" {
+  value       = "${var.executeTest4 ? module.collection-module.elb_sns_topic.sns_topic.arn:""}"
+  description = "This output contains AWS SNS topic arn."
+}
+
+output "alb_sns_sub" {
+  value       = "${var.collect_elb == true ? module.collection-module.elb_sns_subscription.arn : ""}"
+  description = "This output contains ALB AWS SNS subscription arn."
+}
+
+output "alb_auto_enable_stack" {
+  value       = "${var.collect_elb == true ? module.collection-module.elb_auto_enable_stack.auto_enable_access_logs.id : ""}"
+  description = "This output contains ALB auto enable CloudFormation Name."
+}
+
+output "sumologic_inventory_source" {
+  value       = "${(var.collect_rce == "Both" || var.collect_rce == "Inventory Source") ? module.collection-module.inventory_source.aws_inventory_source.id : ""}"
+  description = "This output contains sumologic aws inventory source id."
+}
+
+output "sumologic_xray_source" {
+  value       = "${(var.collect_rce == "Both" || var.collect_rce == "Xray Source") ? module.collection-module.xray_source.aws_xray_source.id : ""}"
+  description = "This output contains sumologic aws xray source id."
+}
+
+output "sumologic_field_account" {
+  value       = sumologic_field.account.id
+  description = "This output contains sumologic Account field id."
+}
+
+output "sumologic_field_region" {
+  value       = sumologic_field.region.id
+  description = "This output contains sumologic Region field id."
+}
+
+output "sumologic_field_accountid" {
+  value       = sumologic_field.accountid.id
+  description = "This output contains sumologic accountid field id."
+}
+
+output "sumologic_field_namespace" {
+  value       = sumologic_field.namespace.id
+  description = "This output contains sumologic namespace field id."
+}
+
+output "sumologic_field_loadbalancer" {
+  value       = sumologic_field.loadbalancer.id
+  description = "This output contains sumologic loadbalancer field id."
+}
+
+output "sumologic_field_loadbalancername" {
+  value       = sumologic_field.loadbalancername.id
+  description = "This output contains sumologic loadbalancername field id."
+}
+
+output "sumologic_field_apiname" {
+  value       = sumologic_field.apiname.id
+  description = "This output contains sumologic apiname field id."
+}
+
+output "sumologic_field_tablename" {
+  value       = sumologic_field.tablename.id
+  description = "This output contains sumologic tablename field id."
+}
+
+output "sumologic_field_instanceid" {
+  value       = sumologic_field.instanceid.id
+  description = "This output contains sumologic instanceid field id."
+}
+
+output "sumologic_field_clustername" {
+  value       = sumologic_field.clustername.id
+  description = "This output contains sumologic clustername field id."
+}
+
+output "sumologic_field_cacheclusterid" {
+  value       = sumologic_field.cacheclusterid.id
+  description = "This output contains sumologic cacheclusterid field id."
+}
+
+output "sumologic_field_functionname" {
+  value       = sumologic_field.functionname.id
+  description = "This output contains sumologic functionname field id."
+}
+
+output "sumologic_field_networkloadbalancer" {
+  value       = sumologic_field.networkloadbalancer.id
+  description = "This output contains sumologic networkloadbalancer field id."
+}
+
+output "sumologic_field_dbidentifier" {
+  value       = sumologic_field.dbidentifier.id
+  description = "This output contains sumologic dbidentifier field id."
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/providers.tf b/aws-observability-terraform/examples/sourcemodule/testSource/providers.tf
new file mode 100644
index 00000000..413e6d80
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/providers.tf
@@ -0,0 +1,21 @@
+provider "sumologic" {
+  environment = var.sumologic_environment
+  access_id   = var.sumologic_access_id
+  access_key  = var.sumologic_access_key
+  admin_mode  = var.sumologic_folder_installation_location == "Personal Folder" ? false : true
+}
+
+provider "aws" {
+  region = "us-east-1"
+  #
+  # Below properties should be added when you would like to onboard more than one region and account
+  # More Information regarding AWS Profile can be found at -
+  #
+  # Access configuration
+  #
+  # profile = <Provide a profile as setup in AWS CLI>
+  #
+  # Terraform alias
+  #
+  # alias = <Provide a terraform alias for the aws provider. For eg :- production-us-east-1>
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/variables.tf b/aws-observability-terraform/examples/sourcemodule/testSource/variables.tf
new file mode 100644
index 00000000..75f5ee84
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/variables.tf
@@ -0,0 +1,358 @@
+variable "sumologic_environment" {
+  type        = string
+  description = "Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+
+  validation {
+    condition = contains([
+      "au",
+      "ca",
+      "de",
+      "eu",
+      "jp",
+      "us1",
+      "us2",
+      "in",
+    "fed"], var.sumologic_environment)
+    error_message = "The value must be one of au, ca, de, eu, jp, us1, us2, in, or fed."
+  }
+}
+
+variable "sumologic_access_id" {
+  type        = string
+  description = "Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_access_id))
+    error_message = "The SumoLogic access ID must contain valid characters."
+  }
+}
+
+variable "sumologic_access_key" {
+  type        = string
+  description = "Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+  #sensitive = true
+
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_access_key))
+    error_message = "The SumoLogic access key must contain valid characters."
+  }
+  
+}
+
+variable "sumologic_organization_id" {
+  type        = string
+  description = <<EOT
+            You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources."
+            For more details, visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page
+        EOT
+  validation {
+    condition     = can(regex("\\w+", var.sumologic_organization_id))
+    error_message = "The organization ID must contain valid characters."
+  }
+}
+
+variable "aws_account_alias" {
+  type        = string
+  description = <<EOT
+            Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.
+            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.
+            Do not include special characters in the alias.
+        EOT
+  validation {
+    condition     = can(regex("[a-z0-9]*", var.aws_account_alias))
+    error_message = "Alias must only contain lowercase letters, number and length less than or equal to 30 characters."
+  }
+}
+
+variable "sumologic_folder_installation_location" {
+  type        = string
+  description = "Indicates where to install the app folder. Enter \"Personal Folder\" for installing in \"Personal\" folder and \"Admin Recommended Folder\" for installing in \"Admin Recommended\" folder."
+  validation {
+    condition = contains([
+      "Personal Folder",
+      "Admin Recommended Folder"], var.sumologic_folder_installation_location)
+    error_message = "The value must be one of \"Personal Folder\" or \"Admin Recommended Folder\"."
+  }
+  default     = "Personal Folder"
+
+}
+
+variable "sumologic_folder_share_with_org" {
+  type        = bool
+  description = "Indicates if AWS Observability folder should be shared (view access) with entire organization. true to enable; false to disable."
+  default     = true
+
+}
+
+variable "sumo_api_endpoint" {
+  type = string
+  validation {
+    condition = contains([
+      "https://api.au.sumologic.com/api/",
+    "https://api.ca.sumologic.com/api/", "https://api.de.sumologic.com/api/", "https://api.eu.sumologic.com/api/", "https://api.fed.sumologic.com/api/", "https://api.in.sumologic.com/api/", "https://api.jp.sumologic.com/api/", "https://api.sumologic.com/api/", "https://api.us2.sumologic.com/api/"], var.sumo_api_endpoint)
+    error_message = "Argument \"sumo_api_endpoint\" must be one of the values specified at https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security."
+  }
+}
+
+variable "apps_folder" {
+  type        = string
+  description = <<EOT
+            Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
+            Default value will be: AWS Observability Apps
+        EOT
+  default     = "AWS Observability Apps"
+}
+
+variable "monitors_folder" {
+  type        = string
+  description = <<EOT
+            Provide a folder name where all the monitors will be installed under Monitor Folder.
+            Default value will be: AWS Observability Monitors
+        EOT
+  default     = "AWS Observability Monitors"
+}
+
+variable "alb_monitors" {
+  type        = bool
+  description = "Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "ec2metrics_monitors" {
+  type        = bool
+  description = "Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "ecs_monitors" {
+  type        = bool
+  description = "Indicates if ECS Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "elasticache_monitors" {
+  type        = bool
+  description = "Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
+variable "collect_elb" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic ALB Logs Source.
+            You have the following options:
+			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects application load balancer logs from an existing bucket or a new bucket.
+			If true, please configure \"elb_source_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.
+			false - you are already ingesting load balancer logs into Sumo Logic.
+		EOT
+  default     = true
+}
+
+variable "collect_classic_lb" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic Classic LB Logs Source.
+            You have the following options:
+			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects classic load balancer logs from an existing bucket or a new bucket.
+			If true, please configure \"classic_lb_source_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.
+			false - you are already ingesting load balancer logs into Sumo Logic.
+		EOT
+  default     = true
+}
+
+variable "collect_logs_cloudwatch" {
+  type        = string
+  description = <<EOT
+            Select the kind of Sumo Logic CloudWatch Logs Sources to create
+            You have the following options:
+            "Lambda Log Forwarder" - Creates a Sumo Logic CloudWatch Log Source that collects CloudWatch logs via a Lambda function.
+            "Kinesis Firehose Log Source" - Creates a Sumo Logic Kinesis Firehose Log Source to collect CloudWatch logs.
+            "None" - Skips installation of both sources.
+        EOT
+  validation {
+    condition = contains([
+      "Lambda Log Forwarder",
+      "Kinesis Firehose Log Source",
+    "None", ], var.collect_logs_cloudwatch)
+    error_message = "The value must be one of \"Lambda Log Forwarder\", \"Kinesis Firehose Log Source\", and None."
+  }
+  default = "Kinesis Firehose Log Source"
+}
+
+variable "collect_cloudtrail" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic CloudTrail Logs Source.
+            You have the following options:
+			true - to ingest cloudtrail logs into Sumo Logic. Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.
+			If true, please configure \"cloudtrail_source_details\" with configuration information to ingest cloudtrail logs.
+			false - you are already ingesting cloudtrail logs into Sumo Logic.
+		EOT
+  default     = true
+}
+
+variable "collect_metric_cloudwatch" {
+  type        = string
+  description = <<EOT
+            Select the kind of CloudWatch Metrics Source to create
+            You have the following options:
+            "CloudWatch Metrics Source" - Creates Sumo Logic AWS CloudWatch Metrics Sources.
+            "Kinesis Firehose Metrics Source" (Recommended) - Creates a Sumo Logic AWS Kinesis Firehose for Metrics Source. Note: This new source has cost and performance benefits over the CloudWatch Metrics Source and is therefore recommended.
+            "None" - Skips the Installation of both the Sumo Logic Metric Sources
+        EOT
+  validation {
+    condition = contains([
+      "CloudWatch Metrics Source",
+      "Kinesis Firehose Metrics Source",
+    "None", ], var.collect_metric_cloudwatch)
+    error_message = "The value must be one of \"CloudWatch Metrics Source\", \"Kinesis Firehose Metrics Source\", and None."
+  }
+  default = "Kinesis Firehose Metrics Source"
+}
+
+variable "collect_rce" {
+  type        = string
+  description = <<EOT
+            Select the Sumo Logic Root Cause Explorer Source.
+            You have the following options:
+            Inventory Source - Creates a Sumo Logic Inventory Source used by Root Cause Explorer.
+            Xray Source - Creates a Sumo Logic AWS X-Ray Source that collects X-Ray Trace Metrics from your AWS account.
+            Both - Install both Inventory and Xray sources.
+            None - Skips installation of both sources.
+        EOT
+  validation {
+    condition = contains([
+      "Inventory Source",
+      "Xray Source",
+      "Both",
+    "None", ], var.collect_rce)
+    error_message = "The value must be one of \"Inventory Source\", \"Xray Source\", \"Both\" and None."
+  }
+  default = "Both"
+}
+
+variable "elb_details" {
+  type = object({
+    source_name     = string
+    source_category = string
+    description     = string
+    bucket_details = object({
+      create_bucket        = bool
+      bucket_name          = string
+      path_expression      = string
+      force_destroy_bucket = bool
+    })
+    fields = map(string)
+  })
+  description = <<EOT
+            Provide details for the Sumo Logic ALB source. If not provided, then defaults will be used.
+            To enable collection of application load balancer logs, set collect_elb_logs to true and provide configuration information for the bucket.
+            If create_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.
+            If create_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.
+            path_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *elasticloadbalancing/AWSLogs/*/elasticloadbalancing/*/*
+        EOT
+  default = {
+    source_name     = "Elb Logs (Region)"
+    source_category = "aws/observability/alb/logs"
+    description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Application LoadBalancer logs."
+    bucket_details = {
+      create_bucket        = true
+      bucket_name          = "aws-observability-random-id"
+      path_expression      = "*elasticloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"
+      force_destroy_bucket = true
+    }
+    fields = {}
+  }
+  validation {
+    condition     = can(regex("[a-z0-9-.]{3,63}$", var.elb_details.bucket_details.bucket_name))
+    error_message = "3-63 characters; must contain only lowercase letters, numbers, hyphen or period. For more details - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html."
+  }
+}
+
+variable "classic_lb_details" {
+  type = object({
+    source_name     = string
+    source_category = string
+    description     = string
+    bucket_details = object({
+      create_bucket        = bool
+      bucket_name          = string
+      path_expression      = string
+      force_destroy_bucket = bool
+    })
+    fields = map(string)
+  })
+  description = <<EOT
+            Provide details for the Sumo Logic Classic Load Balancer source. If not provided, then defaults will be used.
+            To enable collection of classic load balancer logs, set collect_classic_lb_logs to true and provide configuration information for the bucket.
+            If create_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.
+            If create_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.
+            path_expression - This is required in case the above existing bucket is already configured to receive Classic LB access logs. If this is blank, Sumo Logic will store logs in the path expression: *classicloadbalancing/AWSLogs/*/elasticloadbalancing/*/*
+        EOT
+  default = {
+    source_name     = "Classic lb Logs (Region)"
+    source_category = "aws/observability/clb/logs"
+    description     = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs."
+    bucket_details = {
+      create_bucket        = true
+      bucket_name          = "aws-observability-random-id"
+      path_expression      = "*classicloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"
+      force_destroy_bucket = true
+    }
+    fields = {}
+  }
+  validation {
+    condition     = can(regex("[a-z0-9-.]{3,63}$", var.classic_lb_details.bucket_details.bucket_name))
+    error_message = "3-63 characters; must contain only lowercase letters, numbers, hyphen or period. For more details - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html."
+  }
+}
+variable "create_collector" {
+  type        = bool
+  description = <<EOT
+            Create a Sumo Logic Collector.
+            You have the following options:
+			true - If you want to create collector.
+			false - If you already have a collector.
+		EOT
+  default     = true
+}
+variable "collector_id" {
+  type        = string
+  description = "Required if you already have collector."
+  default = ""
+}
+variable "create_s3_bucket" {
+  type        = bool
+  description = <<EOT
+            Create a AWS S3 bucket.
+            You have the following options:
+			true - If you want to create S3 bucket.
+			false - If you already have a S3 bucket.
+		EOT
+  default     = true
+}
+variable "s3_name" {
+  type        = string
+  description = "Required if you already have a S3 bucket."
+  default = ""
+}
+variable "executeTest1" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
+variable "executeTest2" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
+variable "executeTest3" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
+variable "executeTest4" {
+  type        = bool
+  description = "True - If you want to execute this TestCase"
+  default     = false
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf b/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf
new file mode 100644
index 00000000..75909178
--- /dev/null
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf
@@ -0,0 +1,22 @@
+terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.42.0, < 4.0.0"
+    }
+    sumologic = {
+      version = "= 2.13.0"
+      source  = "SumoLogic/sumologic"
+    }
+    time = {
+      source  = "hashicorp/time"
+      version = ">= 0.7.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.1.0"
+    }
+  }
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/source-module/local.tf b/aws-observability-terraform/source-module/local.tf
index b843dde7..6ca94f92 100644
--- a/aws-observability-terraform/source-module/local.tf
+++ b/aws-observability-terraform/source-module/local.tf
@@ -58,7 +58,7 @@ locals {
   create_classic_lb_bucket      = local.create_classic_lb_source && var.classic_lb_source_details.bucket_details.create_bucket
   create_kf_metrics_fail_bucket = local.create_kf_metrics_source && var.cloudwatch_metrics_source_details.bucket_details.create_bucket
   create_kf_logs_fail_bucket    = local.create_kf_logs_source && var.cloudwatch_logs_source_details.bucket_details.create_bucket
-  create_common_bucket          = local.create_cloudtrail_bucket || local.create_elb_bucket || local.create_classic_lb_source || local.create_kf_metrics_fail_bucket || local.create_kf_logs_fail_bucket
+  create_common_bucket          = local.create_cloudtrail_bucket || local.create_elb_bucket || local.create_classic_lb_bucket || local.create_kf_metrics_fail_bucket || local.create_kf_logs_fail_bucket
   common_bucket_name            = local.create_common_bucket ? "aws-observability-${random_string.aws_random.id}" : ""
   common_force_destroy          = local.create_common_bucket && (var.cloudtrail_source_details.bucket_details.force_destroy_bucket || var.elb_source_details.bucket_details.force_destroy_bucket || var.cloudwatch_metrics_source_details.bucket_details.force_destroy_bucket || var.cloudwatch_logs_source_details.bucket_details.force_destroy_bucket)
 
diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf
index 79471f54..3ae0d4c3 100644
--- a/aws-observability-terraform/source-module/main.tf
+++ b/aws-observability-terraform/source-module/main.tf
@@ -168,7 +168,7 @@ module "cloudwatch_metrics_source_module" {
     limit_to_namespaces = [each.value]
     limit_to_regions    = [local.aws_region]
     paused              = false
-    scan_interval       = local.namespace_scan_interval[regex("^AWS/(\\w+)$", each.value)[0]]
+    scan_interval       = lookup(local.namespace_scan_interval,regex("^AWS/(\\w+)$", each.value)[0],"300000")
     sumo_account_id     = local.sumo_account_id
     fields              = local.metrics_fields
     iam_details = {
diff --git a/aws-observability-terraform/test/appmodule/app_test.go b/aws-observability-terraform/test/appmodule/app_test.go
index a2298c56..6eb2ecb5 100644
--- a/aws-observability-terraform/test/appmodule/app_test.go
+++ b/aws-observability-terraform/test/appmodule/app_test.go
@@ -14,12 +14,8 @@ func TestAppModule1(t *testing.T) {
 	// t.Parallel()
 
 	// The values to pass into the terraform CLI
-	// rootFolder := "../"
-	// terraformFolderRelativeToRoot := "examples/appmodule"
-	// // Copy the terraform folder to a temp folder
-	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
-	TerraformDir := "../examples/appmodule"
-	props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+	TerraformDir := "../../examples/appmodule"
+	props = loadPropertiesFile("../../examples/appmodule/main.auto.tfvars")
 	Vars := map[string]interface{}{}
 
 	// Deploy the solution using Terraform
@@ -56,8 +52,8 @@ func TestAppModule2(t *testing.T) {
 	// terraformFolderRelativeToRoot := "examples/appmodule"
 	// // Copy the terraform folder to a temp folder
 	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
-	TerraformDir := "../examples/appmodule"
-	props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+	TerraformDir := "../../examples/appmodule"
+	props = loadPropertiesFile("../../examples/appmodule/main.auto.tfvars")
 
 	// Deploy the solution using Terraform
 	test_structure.RunTestStage(t, "deploy", func() {
@@ -86,12 +82,8 @@ func TestAppModule3(t *testing.T) {
 	}
 
 	// The values to pass into the terraform CLI
-	// rootFolder := ".."
-	// terraformFolderRelativeToRoot := "examples/appmodule"
-	// // Copy the terraform folder to a temp folder
-	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
-	TerraformDir := "../examples/appmodule"
-	props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+	TerraformDir := "../../examples/appmodule"
+	props = loadPropertiesFile("../../examples/appmodule/main.auto.tfvars")
 
 	// Deploy the solution using Terraform
 	test_structure.RunTestStage(t, "deploy", func() {
@@ -121,13 +113,9 @@ func TestAppModule4(t *testing.T) {
 		"ecs_monitors":                           "false",
 	}
 
-	// // The values to pass into the terraform CLI
-	// // rootFolder := ".."
-	// // terraformFolderRelativeToRoot := "examples/appmodule"
-	// // // Copy the terraform folder to a temp folder
-	// // TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
-	TerraformDir := "../examples/appmodule"
-	// props = loadPropertiesFile("../examples/appmodule/main.auto.tfvars")
+	// The values to pass into the terraform CLI
+	TerraformDir := "../../examples/appmodule"
+	props = loadPropertiesFile("../../examples/appmodule/main.auto.tfvars")
 
 	// Deploy the solution using Terraform
 	test_structure.RunTestStage(t, "deploy", func() {
diff --git a/aws-observability-terraform/test/appmodule/validateSumo.go b/aws-observability-terraform/test/appmodule/validateSumo.go
index 9ec873cc..6e86745a 100644
--- a/aws-observability-terraform/test/appmodule/validateSumo.go
+++ b/aws-observability-terraform/test/appmodule/validateSumo.go
@@ -12,7 +12,7 @@ import (
 	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
 )
 
-var props = loadPropertiesFile("../examples/default/main.auto.tfvars")
+var props = loadPropertiesFile("../../examples/appmodule/main.auto.tfvars")
 
 func loadPropertiesFile(file string) map[string]string {
 	props, err := ReadPropertiesFile(file)
diff --git a/aws-observability-terraform/test/sourcemodule/README.md b/aws-observability-terraform/test/sourcemodule/README.md
new file mode 100644
index 00000000..ef28cb88
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/README.md
@@ -0,0 +1,72 @@
+# Unit/Integration Tests for Sumo Logic SDO Terraform
+
+#### Unit Tests
+
+The unit tests verify/run following:
+1. `terraform` installation.
+2. `tflint` installation.
+3. Run `tflint`.
+4. Run `terraform init`. Make sure third party plugins are installed otherwise this will fail.
+5. Run `terraform validate`.
+6. Run `terraform fmt`.
+
+#### Running unit tests
+
+```shell
+cd test
+sh unit_tests.sh
+```
+
+#### Integration Tests
+
+[Terratest](https://terratest.gruntwork.io/) is being used for Integration testing of the Sumo Logic SDO Terraform scripts.
+
+Following objects are verified:
+
+1. Sumo Logic:
+
+    * Collector.
+    * Sources for each app i.e. Jira Server, Jira Cloud, Opsgenie, Bitbucket, Github and Pagerduty.
+    * App installation for Jira Cloud, Jira Server, Opsgenie, Bitbucket, Github and Pagerduty.
+    * Webhooks for Jira Cloud, Jira Server, Jira Service Desk, Opsgenie and Pagerduty.
+
+2. Atlassian
+
+    * Opsgenie Integration.
+
+3. Pagerduty
+
+    * Pagerduty Integration.
+
+
+#### Running integration tests
+
+
+1. Configure the execution options in `sumologic.auto.tfvars`, `atlassian.auto.tfvars`, `github.auto.tfvars`, `pagerduty.auto.tfvars` and `webhooks.auto-tfvars`.
+2. Configure your Sumo Logic Username by setting the environment variable:
+
+    * `SUMOLOGIC_USERNAME`, it should be the same user with which the access id is created.
+
+3. Install Terraform and make sure it's on your PATH.
+4. Install Golang and make sure it's on your PATH.
+5. Execute Tests
+
+    ```shell
+    cd test
+    dep ensure
+    go test -v -timeout 30m
+    ```
+6. The tests are divided into multiple stages:
+
+    * deploy
+    * validateSumoLogic
+    * validateAtlassian
+    * validatePagerduty
+    * cleanup
+
+    All the stages are executed by default. If you would like to skip a stage set the environment variables like `SKIP_deploy=true`.
+    This is very helpful for example if you are modifying the code and do not want to create/destroy resources with each test run.
+    To achieve this, for the first run you would set `SKIP_cleanup=true` and all other variables should be unset.
+    For the second run it would be `SKIP_cleanup=true` and `SKIP_deploy=true`.
+
+    Now, you can run tests without creating/destroying resources with each run. Once you are finished, unset `SKIP_cleanup` and run the tests to clean up the resources.
diff --git a/aws-observability-terraform/test/sourcemodule/source_test.go b/aws-observability-terraform/test/sourcemodule/source_test.go
new file mode 100644
index 00000000..d19fde20
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/source_test.go
@@ -0,0 +1,296 @@
+package test
+
+import (
+	//"fmt"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
+	"testing"
+)
+
+var resourceCount *terraform.ResourceCount
+
+// Testing scenerio 1 - Install source module with all defaults
+func TestSourceModule1(t *testing.T) {
+	// t.Parallel()
+
+	// The values to pass into the terraform CLI
+	TerraformDir := "../../examples/sourcemodule/testSource"
+	props = loadPropertiesFile("../../examples/sourcemodule/testSource/main.auto.tfvars")
+	Vars := map[string]interface{}{
+		"executeTest1": "true",
+	}
+
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		resourceCount = deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Assert count of Expected resources.
+	test_structure.RunTestStage(t, "AssertCount", func() {
+		AssertResourceCounts(t, resourceCount, 82, 0, 0)
+	})
+
+	// Load the Terraform Options saved by the earlier deploy_terraform stage
+	terraformOptions := test_structure.LoadTerraformOptions(t, TerraformDir)
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		// Collector
+		collectorID := terraform.Output(t, terraformOptions, "sumologic_collector")
+		validateSumoCollector(t, terraformOptions, collectorID)
+		// Classic ELB Source
+		clbSourceID := terraform.Output(t, terraformOptions, "sumologic_classic_lb_source")
+		validateSumoSource(t, terraformOptions, collectorID, clbSourceID)
+		// CloudTrail Source
+		cloudtrailSourceID := terraform.Output(t, terraformOptions, "sumologic_cloudtrail_source")
+		validateSumoSource(t, terraformOptions, collectorID, cloudtrailSourceID)
+		// ELB Source
+		elbSourceID := terraform.Output(t, terraformOptions, "sumologic_elb_source")
+		validateSumoSource(t, terraformOptions, collectorID, elbSourceID)
+		// AWS Inventory Source
+		awsInventorySourceID := terraform.Output(t, terraformOptions, "sumologic_inventory_source")
+		validateSumoSource(t, terraformOptions, collectorID, awsInventorySourceID)
+		// Kf Logs Source
+		kfLogsSourceID := terraform.Output(t, terraformOptions, "sumologic_kinesis_firehose_for_logs_source")
+		validateSumoSource(t, terraformOptions, collectorID, kfLogsSourceID)
+		// Kf Metrics Source
+		kfMetricsSourceID := terraform.Output(t, terraformOptions, "sumologic_kinesis_firehose_for_metrics_source")
+		validateSumoSource(t, terraformOptions, collectorID, kfMetricsSourceID)
+		// XRAY Source
+		xraySourceID := terraform.Output(t, terraformOptions, "sumologic_xray_source")
+		validateSumoSource(t, terraformOptions, collectorID, xraySourceID)
+		// S3 bucket
+		s3bucket := terraform.Output(t, terraformOptions, "aws_s3")
+		validateS3Bucket(t, terraformOptions, s3bucket)
+		// SNS Topic
+		snsTopic := terraform.Output(t, terraformOptions, "aws_sns_topic")
+		validateSNSTopic(t, terraformOptions, snsTopic)
+		// Classic ELB SNS Subscription
+		clbSNSsub := terraform.Output(t, terraformOptions, "classic_lb_sns_sub")
+		validateSNSsub(t, terraformOptions, clbSNSsub)
+		// Cloudtrail SNS Subscription
+		cloudtrailSNSsub := terraform.Output(t, terraformOptions, "cloudtrail_sns_sub")
+		validateSNSsub(t, terraformOptions, cloudtrailSNSsub)
+		// ALB SNS Subscription
+		albSNSsub := terraform.Output(t, terraformOptions, "alb_sns_sub")
+		validateSNSsub(t, terraformOptions, albSNSsub)
+		// AWS IAM role
+		iamRole := terraform.Output(t, terraformOptions, "aws_iam_role")
+		validateIAMRole(t, terraformOptions, iamRole)
+		// AWS CloudTrail
+		cloudTrailName := terraform.Output(t, terraformOptions, "aws_cloudtrail_name")
+		validateCloudTrail(t, terraformOptions, cloudTrailName)
+		// Classic LB CloudFormation Stack
+		clbStack := terraform.Output(t, terraformOptions, "clb_auto_enable_stack")
+		validateCFStack(t, terraformOptions, clbStack)
+		// ALB CloudFormation Stack
+		albStack := terraform.Output(t, terraformOptions, "alb_auto_enable_stack")
+		validateCFStack(t, terraformOptions, albStack)
+		// KF logs CloudFormation Stack
+		kfLogsStack := terraform.Output(t, terraformOptions, "kf_logs_auto_enable_stack")
+		validateCFStack(t, terraformOptions, kfLogsStack)
+		// Kinesis Firehose for Logs
+		kfLogsStream := terraform.Output(t, terraformOptions, "kf_logs_stream")
+		validateKFstream(t, terraformOptions, kfLogsStream)
+		// Kinesis Firehose for Metrics
+		kfMetricsStream := terraform.Output(t, terraformOptions, "kf_metrics_stream")
+		validateKFstream(t, terraformOptions, kfMetricsStream)
+		// Cloud Watch metric stream
+		cwMetricsStream := terraform.Output(t, terraformOptions, "cw_metrics_stream")
+		validateCWmetricstream(t, terraformOptions, cwMetricsStream)
+
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
+
+// Testing scenerio 2 - Install with no collection of any source
+func TestSourceModule2(t *testing.T) {
+	// t.Parallel()
+
+	// The values to pass into the terraform CLI
+	TerraformDir := "../../examples/sourcemodule/testSource"
+	props = loadPropertiesFile("../../examples/sourcemodule/testSource/main.auto.tfvars")
+
+	Vars := map[string]interface{}{
+		"executeTest2":              "true",
+		"create_collector":          "false",
+		"collect_elb":               "false",
+		"collect_classic_lb":        "false",
+		"collect_cloudtrail":        "false",
+		"collect_rce":               "None",
+		"collect_logs_cloudwatch":   "None",
+		"collect_metric_cloudwatch": "None",
+	}
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		resourceCount = deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Assert count of Expected resources.
+	test_structure.RunTestStage(t, "AssertCount", func() {
+		AssertResourceCounts(t, resourceCount, 16, 0, 0)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
+
+// Testing scenerio 3 - Collect CW Logs via Lambda Log forwarder, CW Metrics via CW metric source & Inventory source
+func TestSourceModule3(t *testing.T) {
+	// t.Parallel()
+
+	// The values to pass into the terraform CLI
+	// rootFolder := "../"
+	// terraformFolderRelativeToRoot := "examples/sourcemodule"
+	// Copy the terraform folder to a temp folder
+	// TerraformDir := test_structure.CopyTerraformFolderToTemp(t, rootFolder, terraformFolderRelativeToRoot)
+	TerraformDir := "../../examples/sourcemodule/testSource"
+	props = loadPropertiesFile("../../examples/sourcemodule/testSource/main.auto.tfvars")
+
+	Vars := map[string]interface{}{
+		"executeTest3":              "true",
+		"collect_elb":               "false",
+		"collect_classic_lb":        "false",
+		"collect_cloudtrail":        "false",
+		"collect_rce":               "Inventory Source",
+		"collect_logs_cloudwatch":   "Lambda Log Forwarder",
+		"collect_metric_cloudwatch": "CloudWatch Metrics Source",
+	}
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		resourceCount = deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// Assert count of Expected resources.
+	test_structure.RunTestStage(t, "AssertCount", func() {
+		AssertResourceCounts(t, resourceCount, 80, 0, 0)
+	})
+	// Load the Terraform Options saved by the earlier deploy_terraform stage
+	terraformOptions := test_structure.LoadTerraformOptions(t, TerraformDir)
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		// Collector
+		collectorID := terraform.Output(t, terraformOptions, "sumologic_collector")
+		validateSumoCollector(t, terraformOptions, collectorID)
+		// AWS IAM role
+		iamRole := terraform.Output(t, terraformOptions, "aws_iam_role")
+		validateIAMRole(t, terraformOptions, iamRole)
+		// LLF Logs Source
+		cwLogsSourceID := terraform.Output(t, terraformOptions, "sumologic_cloudwatch_logs_source")
+		validateSumoSource(t, terraformOptions, collectorID, cwLogsSourceID)
+		// CloudWatch logs lambda forwarder
+		lambdaName := terraform.Output(t, terraformOptions, "log_forwarder_lambda_name")
+		validateLambda(t, terraformOptions, lambdaName)
+		// LLF logs CloudFormation Stack
+		llfLogsStack := terraform.Output(t, terraformOptions, "cw_logs_auto_enable_stack")
+		validateCFStack(t, terraformOptions, llfLogsStack)
+		// AWS Inventory Source
+		awsInventorySourceID := terraform.Output(t, terraformOptions, "sumologic_inventory_source")
+		validateSumoSource(t, terraformOptions, collectorID, awsInventorySourceID)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
+
+// Testing scenerio 4 - Override bucket details of sources ALB, CLB, CloudTrail, CloudWatch logs and metrics with existing collector. X-Ray source
+// Takes 14 mins to execute
+func TestSourceModule4(t *testing.T) {
+	// t.Parallel()
+
+	// The values to pass into the terraform CLI
+	TerraformDir := "../../examples/sourcemodule/overrideSources"
+	props = loadPropertiesFile("../../examples/sourcemodule/overrideSources/main.auto.tfvars")
+
+	Vars := map[string]interface{}{
+		"collector_id":              "",
+		"s3_name":                   "",
+		"executeTest4":              "true",
+		"create_collector":          "false",
+		"collect_elb":               "true",
+		"collect_classic_lb":        "true",
+		"collect_cloudtrail":        "true",
+		"collect_rce":               "Xray Source",
+		"collect_logs_cloudwatch":   "Kinesis Firehose Log Source",
+		"collect_metric_cloudwatch": "CloudWatch Metrics Source",
+		"create_s3_bucket":          "false",
+	}
+	// Deploy the solution using Terraform
+	test_structure.RunTestStage(t, "deploy", func() {
+		resourceCount = deployTerraform(t, TerraformDir, Vars)
+	})
+
+	// // Assert count of Expected resources.
+	// test_structure.RunTestStage(t, "AssertCount", func() {
+	// 	AssertResourceCounts(t, resourceCount, 69, 0, 0)
+	// })
+
+	// Load the Terraform Options saved by the earlier deploy_terraform stage
+	terraformOptions := test_structure.LoadTerraformOptions(t, TerraformDir)
+
+	// Validate that the resources are created in Sumo Logic
+	test_structure.RunTestStage(t, "validateSumoLogic", func() {
+		// AWS IAM role
+		iamRole := terraform.Output(t, terraformOptions, "aws_iam_role")
+		validateIAMRole(t, terraformOptions, iamRole)
+		// Classic ELB SNS Topic
+		clbSNStopic := terraform.Output(t, terraformOptions, "classic_lb_sns_topic")
+		validateSNSTopic(t, terraformOptions, clbSNStopic)
+		// Classic ELB SNS Subscription
+		clbSNSsub := terraform.Output(t, terraformOptions, "classic_lb_sns_sub")
+		validateSNSsub(t, terraformOptions, clbSNSsub)
+		// Classic ELB Source
+		clbSourceID := terraform.Output(t, terraformOptions, "sumologic_classic_lb_source")
+		validateSumoSource(t, terraformOptions, Vars["collector_id"].(string), clbSourceID)
+		// Classic LB CloudFormation Stack
+		clbStack := terraform.Output(t, terraformOptions, "clb_auto_enable_stack")
+		validateCFStack(t, terraformOptions, clbStack)
+		// CloudTrail SNS Topic
+		cloudtrailSNStopic := terraform.Output(t, terraformOptions, "cloudtrail_sns_topic")
+		validateSNSTopic(t, terraformOptions, cloudtrailSNStopic)
+		// Cloudtrail SNS Subscription
+		cloudtrailSNSsub := terraform.Output(t, terraformOptions, "cloudtrail_sns_sub")
+		validateSNSsub(t, terraformOptions, cloudtrailSNSsub)
+		// CloudTrail Source
+		cloudtrailSourceID := terraform.Output(t, terraformOptions, "sumologic_cloudtrail_source")
+		validateSumoSource(t, terraformOptions, Vars["collector_id"].(string), cloudtrailSourceID)
+		// ALB SNS Topic
+		albSNStopic := terraform.Output(t, terraformOptions, "alb_sns_topic")
+		validateSNSTopic(t, terraformOptions, albSNStopic)
+		// ALB SNS Subscription
+		albSNSsub := terraform.Output(t, terraformOptions, "alb_sns_sub")
+		validateSNSsub(t, terraformOptions, albSNSsub)
+		// ALB CloudFormation Stack
+		albStack := terraform.Output(t, terraformOptions, "alb_auto_enable_stack")
+		validateCFStack(t, terraformOptions, albStack)
+		// ALB Source
+		elbSourceID := terraform.Output(t, terraformOptions, "sumologic_elb_source")
+		validateSumoSource(t, terraformOptions, Vars["collector_id"].(string), elbSourceID)
+		// Kf Logs Source
+		kfLogsSourceID := terraform.Output(t, terraformOptions, "sumologic_kinesis_firehose_for_logs_source")
+		validateSumoSource(t, terraformOptions, Vars["collector_id"].(string), kfLogsSourceID)
+		// KF logs auto enable CloudFormation Stack
+		kfStack := terraform.Output(t, terraformOptions, "kf_logs_auto_enable_stack")
+		validateCFStack(t, terraformOptions, kfStack)
+		// Kinesis Firehose for Logs
+		kfLogsStream := terraform.Output(t, terraformOptions, "kf_logs_stream")
+		validateKFstream(t, terraformOptions, kfLogsStream)
+		// XRAY Source
+		xraySourceID := terraform.Output(t, terraformOptions, "sumologic_xray_source")
+		validateSumoSource(t, terraformOptions, Vars["collector_id"].(string), xraySourceID)
+	})
+
+	// At the end of the test, un-deploy the solution using Terraform
+	defer test_structure.RunTestStage(t, "cleanup", func() {
+		destroyTerraform(t, TerraformDir)
+	})
+}
diff --git a/aws-observability-terraform/test/sourcemodule/terraform.go b/aws-observability-terraform/test/sourcemodule/terraform.go
new file mode 100644
index 00000000..d2374bce
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/terraform.go
@@ -0,0 +1,48 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	test_structure "github.com/gruntwork-io/terratest/modules/test-structure"
+)
+
+// Deploy the resources using Terraform
+func deployTerraform(t *testing.T, workingDir string, Variables map[string]interface{}) *terraform.ResourceCount {
+
+	// The values to pass into the terraform CLI
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+
+		// The path to where our Terraform code is located
+		TerraformDir: workingDir,
+
+		// Variables to pass to our Terraform code using -var options
+		Vars: Variables,
+
+		// Disable colors in Terraform commands so its easier to parse stdout/stderr
+		NoColor: true,
+	})
+
+	// Save the Terraform Options struct, instance name, and instance text so future test stages can use it
+	test_structure.SaveTerraformOptions(t, workingDir, terraformOptions)
+
+	// This will run `terraform init` and `terraform apply` and fail the test if there are any errors
+	out := terraform.InitAndApply(t, terraformOptions)
+	count := terraform.GetResourceCount(t, out)
+
+	return count
+}
+
+// Destroy the resources using Terraform
+func destroyTerraform(t *testing.T, workingDir string) {
+	// Load the Terraform Options saved by the earlier deploy_terraform stage
+	terraformOptions := test_structure.LoadTerraformOptions(t, workingDir)
+
+	out, err := terraform.DestroyE(t, terraformOptions)
+	if err != nil {
+		// fmt.Println(err)
+		terraform.DestroyE(t, terraformOptions)
+	}
+	fmt.Println(out)
+}
diff --git a/aws-observability-terraform/test/sourcemodule/unit_tests.sh b/aws-observability-terraform/test/sourcemodule/unit_tests.sh
new file mode 100644
index 00000000..101cd3d9
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/unit_tests.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+echo "Check requirements"
+
+function check_command()
+{
+    local cmd="$1"
+    if ! command -v ${cmd} > /dev/null 2>&1; then
+        echo "This requires ${cmd} command, please install it first."
+        if [[ "$1" == "terraform" ]]; then
+            echo "You can install using this command on Mac: brew install terraform, Windows: choco install terraform and by downloading binary on other systems."
+        elif [[ "$1" == "tflint" ]]; then
+            echo "You can install using this command on Mac: brew install tflint, Windows: choco install tflint and by downloading binary on other systems."
+        fi
+        exit 1
+    fi
+}
+
+for cmd in terraform tflint; do
+    echo -e "\t- Check command \"$cmd\" exists."
+    check_command $cmd
+done
+
+cd ..
+
+echo "\t- Tflint"
+tflint
+
+echo "\t- Check terraform init"
+terraform init
+
+echo "\t- Check terraform validate"
+terraform validate
+
+echo "\t- Check terraform fmt"
+terraform fmt -write=false -diff=true -check=true
+
+echo "Done. Please review any errors above."
diff --git a/aws-observability-terraform/test/sourcemodule/utils.go b/aws-observability-terraform/test/sourcemodule/utils.go
new file mode 100644
index 00000000..a5137c0a
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/utils.go
@@ -0,0 +1,47 @@
+package test
+
+import (
+	"bufio"
+	"log"
+	"os"
+	"strings"
+)
+
+// AppConfigProperties Map of properties
+type AppConfigProperties map[string]string
+
+// ReadPropertiesFile Read properties file and create a map. This method is used to read the terraform configuration files which are required while running the tests.
+func ReadPropertiesFile(filename string) (AppConfigProperties, error) {
+	config := AppConfigProperties{}
+
+	if len(filename) == 0 {
+		return config, nil
+	}
+	file, err := os.Open(filename)
+	if err != nil {
+		log.Fatal(err)
+		return nil, err
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+		if equal := strings.Index(line, "="); equal >= 0 {
+			if key := strings.TrimSpace(line[:equal]); len(key) > 0 {
+				value := ""
+				if len(line) > equal {
+					value = strings.Replace(strings.TrimSpace(line[equal+1:]), "\"", "", -1)
+				}
+				config[key] = value
+			}
+		}
+	}
+
+	if err := scanner.Err(); err != nil {
+		log.Fatal(err)
+		return nil, err
+	}
+
+	return config, nil
+}
diff --git a/aws-observability-terraform/test/sourcemodule/validateAWS.go b/aws-observability-terraform/test/sourcemodule/validateAWS.go
new file mode 100644
index 00000000..e7c155ad
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/validateAWS.go
@@ -0,0 +1,149 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/cloudformation"
+	"github.com/aws/aws-sdk-go/service/cloudtrail"
+	"github.com/aws/aws-sdk-go/service/cloudwatch"
+	"github.com/aws/aws-sdk-go/service/firehose"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/aws/aws-sdk-go/service/lambda"
+	"github.com/aws/aws-sdk-go/service/s3"
+	"github.com/aws/aws-sdk-go/service/sns"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+)
+
+var (
+	s3session         *s3.S3
+	SNSsession        *sns.SNS
+	IAMsession        *iam.IAM
+	lambdasession     *lambda.Lambda
+	cfSession         *cloudformation.CloudFormation
+	kfSession         *firehose.Firehose
+	cwSession         *cloudwatch.CloudWatch
+	cloudTrailsession *cloudtrail.CloudTrail
+)
+
+const (
+	REGION = "us-east-1"
+)
+
+func init() {
+	s3session = s3.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	SNSsession = sns.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	IAMsession = iam.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	cloudTrailsession = cloudtrail.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	lambdasession = lambda.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	cfSession = cloudformation.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	kfSession = firehose.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+	cwSession = cloudwatch.New(session.Must(session.NewSession(&aws.Config{
+		Region: aws.String(REGION),
+	})))
+}
+
+func validateS3Bucket(t *testing.T, terraformOptions *terraform.Options, bucketName string) (resp *s3.GetBucketAclOutput) {
+	resp, err := s3session.GetBucketAcl(&s3.GetBucketAclInput{
+		Bucket: aws.String(bucketName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateSNSTopic(t *testing.T, terraformOptions *terraform.Options, topicName string) (resp *sns.GetTopicAttributesOutput) {
+	resp, err := SNSsession.GetTopicAttributes(&sns.GetTopicAttributesInput{
+		TopicArn: aws.String(topicName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateSNSsub(t *testing.T, terraformOptions *terraform.Options, subscriptionARN string) (resp *sns.GetSubscriptionAttributesOutput) {
+	resp, err := SNSsession.GetSubscriptionAttributes(&sns.GetSubscriptionAttributesInput{
+		SubscriptionArn: aws.String(subscriptionARN),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateIAMRole(t *testing.T, terraformOptions *terraform.Options, roleName string) (resp *iam.GetRoleOutput) {
+	resp, err := IAMsession.GetRole(&iam.GetRoleInput{
+		RoleName: aws.String(roleName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateCloudTrail(t *testing.T, terraformOptions *terraform.Options, trailName string) (resp *cloudtrail.GetTrailOutput) {
+	resp, err := cloudTrailsession.GetTrail(&cloudtrail.GetTrailInput{
+		Name: aws.String(trailName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateLambda(t *testing.T, terraformOptions *terraform.Options, functionName string) (resp *lambda.GetFunctionOutput) {
+	resp, err := lambdasession.GetFunction(&lambda.GetFunctionInput{
+		FunctionName: aws.String(functionName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateCFStack(t *testing.T, terraformOptions *terraform.Options, stackName string) (resp *cloudformation.DescribeStacksOutput) {
+	resp, err := cfSession.DescribeStacks(&cloudformation.DescribeStacksInput{
+		StackName: aws.String(stackName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateKFstream(t *testing.T, terraformOptions *terraform.Options, streamName string) (resp *firehose.DescribeDeliveryStreamOutput) {
+	resp, err := kfSession.DescribeDeliveryStream(&firehose.DescribeDeliveryStreamInput{
+		DeliveryStreamName: aws.String(streamName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
+
+func validateCWmetricstream(t *testing.T, terraformOptions *terraform.Options, metricStreamName string) (resp *cloudwatch.GetMetricStreamOutput) {
+	resp, err := cwSession.GetMetricStream(&cloudwatch.GetMetricStreamInput{
+		Name: aws.String(metricStreamName),
+	})
+	if err != nil {
+		panic(err)
+	}
+	return resp
+}
diff --git a/aws-observability-terraform/test/sourcemodule/validateSumo.go b/aws-observability-terraform/test/sourcemodule/validateSumo.go
new file mode 100644
index 00000000..c6097c59
--- /dev/null
+++ b/aws-observability-terraform/test/sourcemodule/validateSumo.go
@@ -0,0 +1,56 @@
+package test
+
+import (
+	"encoding/base64"
+	"fmt"
+	"net/url"
+	"testing"
+
+	http_helper "github.com/gruntwork-io/terratest/modules/http-helper"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+var props = loadPropertiesFile("../../examples/sourcemodule/testSource/main.auto.tfvars")
+
+func loadPropertiesFile(file string) map[string]string {
+	props, err := ReadPropertiesFile(file)
+	if err != nil {
+		fmt.Println("Error while reading properties file " + err.Error())
+	}
+	return props
+}
+
+//SumoLogic Environment URL
+var sumologicURL = getSumologicURL()
+
+func getSumologicURL() string {
+	u, _ := url.Parse(getProperty("sumo_api_endpoint"))
+	return u.Scheme + "://" + u.Host
+}
+
+func getProperty(property string) string {
+	return props[property]
+}
+
+var customValidation = func(statusCode int, body string) bool { return statusCode == 200 }
+
+// We are creating admin header because Folder is not visible in case of Admin Recom Folder with share = false, only visible with admin mode
+var headers = map[string]string{"Authorization": "Basic " + base64.StdEncoding.EncodeToString([]byte(getProperty("sumologic_access_id")+":"+getProperty("sumologic_access_key"))), "isAdminMode": "true"}
+
+func validateSumoCollector(t *testing.T, terraformOptions *terraform.Options, collectorID string) {
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/collectors/%s", sumologicURL, collectorID), nil, headers, customValidation, nil)
+}
+
+func validateSumoSource(t *testing.T, terraformOptions *terraform.Options, collectorID string, source string) {
+	// Verify that we get back a 200 OK
+	http_helper.HTTPDoWithCustomValidation(t, "GET", fmt.Sprintf("%s/api/v1/collectors/%v/sources/%v", sumologicURL, collectorID, source), nil, headers, customValidation, nil)
+}
+
+// ValidateResourceCounts is used to validate added, changed and destroyed resource count.
+func AssertResourceCounts(t *testing.T, actualCount *terraform.ResourceCount, countAdd, countChange, countDestroy int) {
+	assert.Equal(t, countAdd, actualCount.Add, "Mismatch in Added resources.")
+	assert.Equal(t, countChange, actualCount.Change, "Mismatch in Changed resources.")
+	assert.Equal(t, countDestroy, actualCount.Destroy, "Mismatch in Destroyed resources.")
+}

From 0b267a354c59c8969442ba5483fe083a9cb4904e Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Wed, 1 Jun 2022 18:07:05 +0530
Subject: [PATCH 21/82] Updating App module README

---
 aws-observability-terraform/app-modules/README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md
index ff28c30b..0b092c3f 100644
--- a/aws-observability-terraform/app-modules/README.md
+++ b/aws-observability-terraform/app-modules/README.md
@@ -74,6 +74,7 @@
 
 | Name | Description |
 |------|-------------|
+| <a name="output_sumologic_apps_folder"></a> [sumologic\_apps\_folder](#output\_sumologic\_apps\_folder) | This output contains rce Apps. |
 | <a name="output_sumologic_content_alb"></a> [sumologic\_content\_alb](#output\_sumologic\_content\_alb) | This output contains alb App. |
 | <a name="output_sumologic_content_apigateway"></a> [sumologic\_content\_apigateway](#output\_sumologic\_content\_apigateway) | This output contains apigateway App. |
 | <a name="output_sumologic_content_dynamodb"></a> [sumologic\_content\_dynamodb](#output\_sumologic\_content\_dynamodb) | This output contains dynamodb App. |
@@ -105,5 +106,7 @@
 | <a name="output_sumologic_field_nlb"></a> [sumologic\_field\_nlb](#output\_sumologic\_field\_nlb) | This output contains fields required for nlb app. |
 | <a name="output_sumologic_field_overview"></a> [sumologic\_field\_overview](#output\_sumologic\_field\_overview) | This output contains fields required for overview app. |
 | <a name="output_sumologic_field_rds"></a> [sumologic\_field\_rds](#output\_sumologic\_field\_rds) | This output contains fields required for rds app. |
+| <a name="output_sumologic_hierarchy"></a> [sumologic\_hierarchy](#output\_sumologic\_hierarchy) | This output contains rce Apps. |
 | <a name="output_sumologic_metric_rules_nlb"></a> [sumologic\_metric\_rules\_nlb](#output\_sumologic\_metric\_rules\_nlb) | This output contains metric rules required for nlb app. |
 | <a name="output_sumologic_metric_rules_rds"></a> [sumologic\_metric\_rules\_rds](#output\_sumologic\_metric\_rules\_rds) | This output contains metric rules required for rds app. |
+| <a name="output_sumologic_monitors_folder"></a> [sumologic\_monitors\_folder](#output\_sumologic\_monitors\_folder) | This output contains rce Apps. |

From 07f8be9f8822c4d4e2a9f9dacc776d799cc65361 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Wed, 1 Jun 2022 18:14:54 +0530
Subject: [PATCH 22/82] updating sumologic teraform provider version and Readme

---
 aws-observability-terraform/README.md                 | 4 ++--
 aws-observability-terraform/app-modules/README.md     | 4 ++--
 aws-observability-terraform/app-modules/versions.tf   | 2 +-
 aws-observability-terraform/source-module/README.md   | 4 ++--
 aws-observability-terraform/source-module/versions.tf | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/aws-observability-terraform/README.md b/aws-observability-terraform/README.md
index 647b7397..02c834d4 100644
--- a/aws-observability-terraform/README.md
+++ b/aws-observability-terraform/README.md
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.14.0 |
 
 ## Modules
 
@@ -57,4 +57,4 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
-| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
+| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md
index 0b092c3f..084a4cd5 100644
--- a/aws-observability-terraform/app-modules/README.md
+++ b/aws-observability-terraform/app-modules/README.md
@@ -4,13 +4,13 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 2.1 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.13.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.14.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.13.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.14.0 |
 | <a name="provider_time"></a> [time](#provider\_time) | n/a |
 
 ## Modules
diff --git a/aws-observability-terraform/app-modules/versions.tf b/aws-observability-terraform/app-modules/versions.tf
index 96b44350..90ca28f5 100644
--- a/aws-observability-terraform/app-modules/versions.tf
+++ b/aws-observability-terraform/app-modules/versions.tf
@@ -7,7 +7,7 @@ terraform {
       version = ">= 2.1"
     }
     sumologic = {
-      version = ">= 2.13.0"
+      version = ">= 2.14.0"
       source  = "SumoLogic/sumologic"
     }
   }
diff --git a/aws-observability-terraform/source-module/README.md b/aws-observability-terraform/source-module/README.md
index f7169348..9616e621 100644
--- a/aws-observability-terraform/source-module/README.md
+++ b/aws-observability-terraform/source-module/README.md
@@ -5,7 +5,7 @@
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.9.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.14.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7.1 |
 
 ## Providers
@@ -15,7 +15,7 @@
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.42.0, < 4.0.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | n/a |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 3.1.0 |
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.9.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.14.0 |
 | <a name="provider_time"></a> [time](#provider\_time) | >= 0.7.1 |
 
 ## Modules
diff --git a/aws-observability-terraform/source-module/versions.tf b/aws-observability-terraform/source-module/versions.tf
index e0d3b9df..daf2ce53 100644
--- a/aws-observability-terraform/source-module/versions.tf
+++ b/aws-observability-terraform/source-module/versions.tf
@@ -7,7 +7,7 @@ terraform {
       version = ">= 3.42.0, < 4.0.0"
     }
     sumologic = {
-      version = ">= 2.9.0"
+      version = ">= 2.14.0"
       source  = "SumoLogic/sumologic"
     }
     time = {

From 6f424739a9c3d4d0613a8570a566efd24a206e29 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Wed, 1 Jun 2022 18:18:47 +0530
Subject: [PATCH 23/82] Updating root sumo terraform provider version and
 readme

---
 aws-observability-terraform/README.md   | 2 +-
 aws-observability-terraform/versions.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability-terraform/README.md b/aws-observability-terraform/README.md
index 02c834d4..02b03ae2 100644
--- a/aws-observability-terraform/README.md
+++ b/aws-observability-terraform/README.md
@@ -5,7 +5,7 @@
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.1.0 |
-| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.13.0 |
+| <a name="requirement_sumologic"></a> [sumologic](#requirement\_sumologic) | >= 2.14.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.7.1 |
 
 ## Providers
diff --git a/aws-observability-terraform/versions.tf b/aws-observability-terraform/versions.tf
index befb90d4..daf2ce53 100644
--- a/aws-observability-terraform/versions.tf
+++ b/aws-observability-terraform/versions.tf
@@ -7,7 +7,7 @@ terraform {
       version = ">= 3.42.0, < 4.0.0"
     }
     sumologic = {
-      version = ">= 2.13.0"
+      version = ">= 2.14.0"
       source  = "SumoLogic/sumologic"
     }
     time = {

From a3f8e9c13aba33ec7183fbbc10eba917af54e605 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Wed, 1 Jun 2022 18:45:44 +0530
Subject: [PATCH 24/82] Updating app-module output var description and README

---
 aws-observability-terraform/app-modules/README.md  | 6 +++---
 aws-observability-terraform/app-modules/outputs.tf | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md
index 084a4cd5..9a948e6d 100644
--- a/aws-observability-terraform/app-modules/README.md
+++ b/aws-observability-terraform/app-modules/README.md
@@ -74,7 +74,7 @@
 
 | Name | Description |
 |------|-------------|
-| <a name="output_sumologic_apps_folder"></a> [sumologic\_apps\_folder](#output\_sumologic\_apps\_folder) | This output contains rce Apps. |
+| <a name="output_sumologic_apps_folder"></a> [sumologic\_apps\_folder](#output\_sumologic\_apps\_folder) | This output contains AWS Observability Parent App folder. |
 | <a name="output_sumologic_content_alb"></a> [sumologic\_content\_alb](#output\_sumologic\_content\_alb) | This output contains alb App. |
 | <a name="output_sumologic_content_apigateway"></a> [sumologic\_content\_apigateway](#output\_sumologic\_content\_apigateway) | This output contains apigateway App. |
 | <a name="output_sumologic_content_dynamodb"></a> [sumologic\_content\_dynamodb](#output\_sumologic\_content\_dynamodb) | This output contains dynamodb App. |
@@ -106,7 +106,7 @@
 | <a name="output_sumologic_field_nlb"></a> [sumologic\_field\_nlb](#output\_sumologic\_field\_nlb) | This output contains fields required for nlb app. |
 | <a name="output_sumologic_field_overview"></a> [sumologic\_field\_overview](#output\_sumologic\_field\_overview) | This output contains fields required for overview app. |
 | <a name="output_sumologic_field_rds"></a> [sumologic\_field\_rds](#output\_sumologic\_field\_rds) | This output contains fields required for rds app. |
-| <a name="output_sumologic_hierarchy"></a> [sumologic\_hierarchy](#output\_sumologic\_hierarchy) | This output contains rce Apps. |
+| <a name="output_sumologic_hierarchy"></a> [sumologic\_hierarchy](#output\_sumologic\_hierarchy) | This output contains Sumologic Hierarchy. |
 | <a name="output_sumologic_metric_rules_nlb"></a> [sumologic\_metric\_rules\_nlb](#output\_sumologic\_metric\_rules\_nlb) | This output contains metric rules required for nlb app. |
 | <a name="output_sumologic_metric_rules_rds"></a> [sumologic\_metric\_rules\_rds](#output\_sumologic\_metric\_rules\_rds) | This output contains metric rules required for rds app. |
-| <a name="output_sumologic_monitors_folder"></a> [sumologic\_monitors\_folder](#output\_sumologic\_monitors\_folder) | This output contains rce Apps. |
+| <a name="output_sumologic_monitors_folder"></a> [sumologic\_monitors\_folder](#output\_sumologic\_monitors\_folder) | This output contains AWS Observability Monitors folder. |
diff --git a/aws-observability-terraform/app-modules/outputs.tf b/aws-observability-terraform/app-modules/outputs.tf
index 16014fb6..4a26c459 100644
--- a/aws-observability-terraform/app-modules/outputs.tf
+++ b/aws-observability-terraform/app-modules/outputs.tf
@@ -165,15 +165,15 @@ output "sumologic_content_rce" {
 
 output "sumologic_hierarchy" {
   value       = sumologic_hierarchy.awso_hierarchy
-  description = "This output contains rce Apps."
+  description = "This output contains Sumologic Hierarchy."
 }
 
 output "sumologic_apps_folder" {
   value       = sumologic_folder.apps_folder
-  description = "This output contains rce Apps."
+  description = "This output contains AWS Observability Parent App folder."
 }
 
 output "sumologic_monitors_folder" {
   value       = sumologic_monitor_folder.monitor_folder
-  description = "This output contains rce Apps."
+  description = "This output contains AWS Observability Monitors folder."
 }
\ No newline at end of file

From 0106de80f6f1eeb7181114c3b4658f8627f8f846 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Thu, 2 Jun 2022 14:28:53 +0530
Subject: [PATCH 25/82] Alb App app update

---
 aws-observability/json/Alb-App.json | 476 ++++++++++++++++++++--------
 1 file changed, 342 insertions(+), 134 deletions(-)

diff --git a/aws-observability/json/Alb-App.json b/aws-observability/json/Alb-App.json
index df9d0f55..be2a1d1e 100644
--- a/aws-observability/json/Alb-App.json
+++ b/aws-observability/json/Alb-App.json
@@ -8,7 +8,6 @@
             "name": "1. AWS Application Load Balancer - Overview",
             "description": "See the overview of Application load balancer including the requests, healthy and unhealthy host count, target response time, active connections, and client TLS error.",
             "title": "1. AWS Application Load Balancer - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -114,14 +113,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HealthyHostCount Statistic=Average | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -138,14 +140,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=UnHealthyHostCount Statistic=Average | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -162,14 +167,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= TargetConnectionErrorCount Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -186,14 +194,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= NewConnectionCount Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -210,14 +221,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= ActiveConnectionCount Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -234,14 +248,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= RejectedConnectionCount Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -258,14 +275,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ClientTLSNegotiationErrorCount  Statistic=sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -282,24 +302,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -316,14 +342,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=RequestCount Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -340,14 +369,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_4XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -364,14 +396,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| sum(_count) by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -388,14 +423,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetResponseTime Statistic=Average | eval(_value*1000) | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -412,14 +450,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_5XX_Count  Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -436,14 +477,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_4XX_Count  Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -460,14 +504,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HTTPCode_ELB_5XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -484,14 +531,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancer, account, region, namespace\n| sort by ThreatCount",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancer, account, region, namespace\n| sort by ThreatCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -534,11 +584,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -569,7 +619,6 @@
             "name": "1. AWS Application Load Balancer - Response Analysis",
             "description": "See the details of the Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.",
             "title": "1. AWS Application Load Balancer - Response Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -690,14 +739,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=HTTPCode_ELB_5XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -714,14 +766,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where (ElbStatusCode matches \"4*\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -738,14 +793,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where (ElbStatusCode matches \"5*\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -762,14 +820,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where (ElbStatusCode matches \"3*\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| count by ClientIP\n| lookup latitude, longitude from geo://location on ip = ClientIP\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -781,19 +842,22 @@
                     "id": null,
                     "key": "panelPANE-CCFCC1BB99CA3843",
                     "title": "Events - 5XX Response Codes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -810,14 +874,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=HTTPCode_ELB_4XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -834,14 +901,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=HTTPCode_ELB_3XX_Count Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -853,19 +923,22 @@
                     "id": null,
                     "key": "panel848E183B8031884D",
                     "title": "Events - 4XX Response Codes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -877,19 +950,22 @@
                     "id": null,
                     "key": "panel114E4560B4917A43",
                     "title": "Events - 3XX Response Codes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -906,14 +982,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (ElbStatusCode matches \"5*\",1,0) as ELB_5XX\n| if (ElbStatusCode matches \"4*\",1,0) as ELB_4XX\n| if (ElbStatusCode matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancer, Domain, URI\n| limit 20\n| sort by ELB_5XX",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -956,11 +1035,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -991,7 +1070,6 @@
             "name": "2. AWS Application Load Balancer - Target Group Response Analysis",
             "description": "See the details of the Target Group HTTP codes 2XX, 3XX, 4XX, and 5XX by target group, availability zone, and load balancer.",
             "title": "2. AWS Application Load Balancer - Target Group Response Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1121,14 +1199,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| if (TargetStatusCode matches \"5*\",1,0) as Target_5XX\n| if (TargetStatusCode matches \"4*\",1,0) as Target_4XX\n| if (TargetStatusCode matches \"3*\",1,0) as Target_3XX\n| if (TargetStatusCode matches \"2*\",1,0) as Target_2XX\n| sum(Target_5XX) as Target_5XX, sum(Target_4XX) as Target_4XX, sum(Target_3XX) as Target_3XX, sum(Target_2XX) as Target_2XX by loadbalancer, TargetGroup, Domain, URI\n| limit 20\n| sort by Target_5XX, Target_4XX, Target_3XX, Target_2XX",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1145,14 +1226,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_4XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1169,14 +1253,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_2XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1193,14 +1280,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_3XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1212,19 +1302,22 @@
                     "id": null,
                     "key": "panelPANE-2A2CE58CB024284B",
                     "title": "Events - 5XX Response Codes",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"5*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where !isEmpty(TargetGroup)\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(TargetStatusCode matches \"5*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1236,19 +1329,22 @@
                     "id": null,
                     "key": "panelDCE3556190369A4B",
                     "title": "Events - 4XX Response Codes",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"4*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where !isEmpty(TargetGroup)\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(TargetStatusCode matches \"4*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1260,19 +1356,22 @@
                     "id": null,
                     "key": "panel74660D2CA5358B47",
                     "title": "Events - 3XX Response Codes",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"3*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where !isEmpty(TargetGroup)\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(TargetStatusCode matches \"3*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1284,19 +1383,22 @@
                     "id": null,
                     "key": "panelA5A5D6698A94CB4F",
                     "title": "Events - 2XX Response Codes",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(TargetGroup)\n| if(TargetStatusCode matches \"2*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where !isEmpty(TargetGroup)\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(TargetStatusCode matches \"2*\", 1, 0) as TargetErrors \n| timeslice 1m\n| sum(TargetErrors) as TargetErrors by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1313,14 +1415,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_5XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1398,7 +1503,6 @@
             "name": "3. AWS Application Load Balancer - Latency Overview",
             "description": "See the details of latency in your application load balancer by target group, availability zone, and load balancer.",
             "title": "3. AWS Application Load Balancer - Latency Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1468,14 +1572,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetResponseTime Statistic=Average targetgroup=* AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1487,19 +1594,22 @@
                     "id": null,
                     "key": "panelpane-46aba672bb08b846",
                     "title": "Max and Average Total Client Latency by Target Group",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (RequestProcessingTime+TargetProcessingTime+ResponseProcessingTime) as ClientLatency\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by TargetGroup\n| order by MaximumClientLatency",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1511,19 +1621,22 @@
                     "id": null,
                     "key": "panelpane-3ebb85e685bf1b4f",
                     "title": "Max and Average Target Processing Time by Target Group",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(TargetProcessingTime) as AverageTargetProcessingTime, max(TargetProcessingTime) as MaximumTargetProcessingTime by TargetGroup\n| order by MaximumTargetProcessingTime\n\n\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1535,19 +1648,22 @@
                     "id": null,
                     "key": "panelpane-c1ca3098892bea40",
                     "title": "Average Total Client Latency Over Time by Target Group",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (RequestProcessingTime+TargetProcessingTime+ResponseProcessingTime) as ClientLatency\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by TargetGroup ,_timeslice\n| transpose row _timeslice column TargetGroup\n\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1559,19 +1675,22 @@
                     "id": null,
                     "key": "panelpane-c301d958990e694d",
                     "title": "Average Target Processing Time Over Time by Target Group",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(TargetProcessingTime) as AverageTargetProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1632,11 +1751,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1667,7 +1786,6 @@
             "name": "4. AWS Application Load Balancer - Latency Details",
             "description": "See the details of latency in your application load balancer including the average and maximum request and response processing time, by target group and ELB server.",
             "title": "4. AWS Application Load Balancer - Latency Details",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1758,14 +1876,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1782,14 +1903,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, loadbalancer \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancer, TotalProcessTime \n| transpose row _timeslice column loadbalancer\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, loadbalancer \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancer, TotalProcessTime \n| transpose row _timeslice column loadbalancer\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1801,19 +1925,22 @@
                     "id": null,
                     "key": "panelpane-9ce61eae9fc92848",
                     "title": "Events - Average Request Processing Time by ELB Server",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1825,19 +1952,22 @@
                     "id": null,
                     "key": "panelpane-6fda9ea0b259db4f",
                     "title": "Events - Average Response Processing Time by ELB Server",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1849,19 +1979,22 @@
                     "id": null,
                     "key": "panelpane-256726aaafcdba4d",
                     "title": "Events - Average Request Processing Time by Target Group",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1878,14 +2011,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| max(RequestProcessingTime) as MaximumRequestProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| max(RequestProcessingTime) as MaximumRequestProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1902,14 +2038,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(ResponseProcessingTime) as MaximumResponseProcessingTime by _timeslice, loadbalancer\n| transpose row _timeslice column loadbalancer\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1926,14 +2065,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by uri\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20\n\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(RequestProcessingTime) as a1, avg(TargetProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by uri\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20\n\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1945,19 +2087,22 @@
                     "id": null,
                     "key": "panelPANE-BCC4A01F93DBD84C",
                     "title": "Events - Average Response Processing Time by Target Group",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup\n",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and TargetProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, TargetGroup\n| transpose row _timeslice column TargetGroup\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2000,11 +2145,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2035,7 +2180,6 @@
             "name": "5. AWS Application Load Balancer - Connections and Host Status",
             "description": "See the details of request and host status including the average unhealthy host count, and healthy host count by target group, availability zone, and load balancer, and request count, outliers in requests by backend, and requests by target.",
             "title": "5. AWS Application Load Balancer - Connections and Host Status",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2125,14 +2269,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=UnHealthyHostCount Statistic=Average AvailabilityZone=* TargetGroup=* | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2149,14 +2296,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetConnectionErrorCount Statistic=Sum AvailabilityZone=* TargetGroup=* | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2173,14 +2323,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ActiveConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2197,14 +2350,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= NewConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2221,14 +2377,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} AvailabilityZone=* metric=RejectedConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2281,14 +2440,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ClientTLSNegotiationErrorCount Statistic=Sum  AvailabilityZone=* | sum by account, region, namespace, loadbalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2305,14 +2467,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=TargetTLSNegotiationErrorCount Statistic=Sum  AvailabilityZone=* TargetGroup=* | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2329,14 +2494,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=HealthyHostCount Statistic=Average AvailabilityZone=* TargetGroup=* | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, AvailabilityZone, TargetGroup ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2379,11 +2547,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2414,7 +2582,6 @@
             "name": "6. AWS Application Load Balancer - Requests and Processed Bytes",
             "description": "See the details of requests and Processed bytes for your application load balancer.",
             "title": "6. AWS Application Load Balancer - Requests and Processed Bytes",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2496,14 +2663,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetIp\n| outlier _count by TargetIp threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, TargetIp, _count \n| transpose row _timeslice column TargetIp",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2520,14 +2690,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetIp\n| outlier _count by TargetIp threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(TargetIp)\n| fields _timeslice, TargetIp, _count \n| transpose row _timeslice column TargetIp",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2544,14 +2717,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetGroup\n| outlier _count by TargetGroup threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, TargetGroup, _count \n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2568,14 +2744,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, TargetGroup\n| outlier _count by TargetGroup threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, TargetGroup, _count \n| transpose row _timeslice column TargetGroup",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2592,14 +2771,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= RequestCount TargetGroup=* statistic=sum | sum by account, region, namespace, loadbalancer, TargetGroup",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2616,14 +2798,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric=ProcessedBytes Statistic=Sum | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2658,14 +2843,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(ReceivedBytes) as ReceivedBytes by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2682,14 +2870,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Target \"*:*\" as TargetIp, TargetPort nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(SentBytes) as SentBytes by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2732,11 +2923,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2767,7 +2958,6 @@
             "name": "7. AWS Application Load Balancer - Threat Intel",
             "description": "See the details of IP threats including the count, location, and highly malicious IP threats.",
             "title": "7. AWS Application Load Balancer - Threat Intel",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2833,14 +3023,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence) \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2857,14 +3050,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2881,14 +3077,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2900,19 +3099,22 @@
                     "id": null,
                     "key": "panelpane-c605d948852ffb48",
                     "title": "Malicious Confidence",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp\n| where type=\"ip_address\" and !isNull(MaliciousConfidence) \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2929,14 +3131,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp\n| where  type=\"ip_address\" and !isNull(MaliciousConfidence) \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude from geo://location on ip = ClientIp\n| count by latitude, longitude\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2953,14 +3158,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3003,11 +3211,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/applicationelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/applicationelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,

From c7314b81ba02f2bd151d14e07fac656db9fdafb3 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Thu, 2 Jun 2022 14:57:40 +0530
Subject: [PATCH 26/82] remove test cases for rce dashboards

---
 aws-observability-terraform/examples/appmodule/output.tf  | 8 ++++----
 .../examples/appmodule/versions.tf                        | 2 +-
 .../test/appmodule/validateSumo.go                        | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/aws-observability-terraform/examples/appmodule/output.tf b/aws-observability-terraform/examples/appmodule/output.tf
index 9eb28373..d9195498 100644
--- a/aws-observability-terraform/examples/appmodule/output.tf
+++ b/aws-observability-terraform/examples/appmodule/output.tf
@@ -58,10 +58,10 @@ output "rds_apps_folder_id" {
   description = "This output contains sumologic RDS apps folder."
 }
 
-output "rce_apps_folder_id" {
-  value       = module.sumo-module.sumologic_content_rce.RceApp.id
-  description = "This output contains sumologic Rce apps folder."
-}
+# output "rce_apps_folder_id" {
+#   value       = module.sumo-module.sumologic_content_rce.RceApp.id
+#   description = "This output contains sumologic Rce apps folder."
+# }
 
 output "monitors_folder_id" {
   value       = module.sumo-module.sumologic_monitors_folder.id
diff --git a/aws-observability-terraform/examples/appmodule/versions.tf b/aws-observability-terraform/examples/appmodule/versions.tf
index 75909178..befb90d4 100644
--- a/aws-observability-terraform/examples/appmodule/versions.tf
+++ b/aws-observability-terraform/examples/appmodule/versions.tf
@@ -7,7 +7,7 @@ terraform {
       version = ">= 3.42.0, < 4.0.0"
     }
     sumologic = {
-      version = "= 2.13.0"
+      version = ">= 2.13.0"
       source  = "SumoLogic/sumologic"
     }
     time = {
diff --git a/aws-observability-terraform/test/appmodule/validateSumo.go b/aws-observability-terraform/test/appmodule/validateSumo.go
index 6e86745a..45947ae3 100644
--- a/aws-observability-terraform/test/appmodule/validateSumo.go
+++ b/aws-observability-terraform/test/appmodule/validateSumo.go
@@ -79,8 +79,8 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	nlbFolderID := terraform.Output(t, terraformOptions, "nlb_apps_folder_id")
 	validateSumoLogicAppsFolder(t, terraformOptions, nlbFolderID)
 	// Validate if the RCE App folder is created successfully
-	rceFolderID := terraform.Output(t, terraformOptions, "rce_apps_folder_id")
-	validateSumoLogicAppsFolder(t, terraformOptions, rceFolderID)
+	// rceFolderID := terraform.Output(t, terraformOptions, "rce_apps_folder_id")
+	// validateSumoLogicAppsFolder(t, terraformOptions, rceFolderID)
 	// Validate if the RDS App folder is created successfully
 	rdsFolderID := terraform.Output(t, terraformOptions, "rds_apps_folder_id")
 	validateSumoLogicAppsFolder(t, terraformOptions, rdsFolderID)

From 5cd7f407700443f3358c4904f4bbb4e5584797f2 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Thu, 2 Jun 2022 15:01:44 +0530
Subject: [PATCH 27/82] removing rce dashboards testcases

---
 aws-observability-terraform/examples/appmodule/output.tf   | 5 -----
 aws-observability-terraform/test/appmodule/validateSumo.go | 3 ---
 2 files changed, 8 deletions(-)

diff --git a/aws-observability-terraform/examples/appmodule/output.tf b/aws-observability-terraform/examples/appmodule/output.tf
index d9195498..6b8f5d91 100644
--- a/aws-observability-terraform/examples/appmodule/output.tf
+++ b/aws-observability-terraform/examples/appmodule/output.tf
@@ -58,11 +58,6 @@ output "rds_apps_folder_id" {
   description = "This output contains sumologic RDS apps folder."
 }
 
-# output "rce_apps_folder_id" {
-#   value       = module.sumo-module.sumologic_content_rce.RceApp.id
-#   description = "This output contains sumologic Rce apps folder."
-# }
-
 output "monitors_folder_id" {
   value       = module.sumo-module.sumologic_monitors_folder.id
   description = "This output contains sumologic monitors folder."
diff --git a/aws-observability-terraform/test/appmodule/validateSumo.go b/aws-observability-terraform/test/appmodule/validateSumo.go
index 45947ae3..8dbb9494 100644
--- a/aws-observability-terraform/test/appmodule/validateSumo.go
+++ b/aws-observability-terraform/test/appmodule/validateSumo.go
@@ -78,9 +78,6 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the NLB App folder is created successfully
 	nlbFolderID := terraform.Output(t, terraformOptions, "nlb_apps_folder_id")
 	validateSumoLogicAppsFolder(t, terraformOptions, nlbFolderID)
-	// Validate if the RCE App folder is created successfully
-	// rceFolderID := terraform.Output(t, terraformOptions, "rce_apps_folder_id")
-	// validateSumoLogicAppsFolder(t, terraformOptions, rceFolderID)
 	// Validate if the RDS App folder is created successfully
 	rdsFolderID := terraform.Output(t, terraformOptions, "rds_apps_folder_id")
 	validateSumoLogicAppsFolder(t, terraformOptions, rdsFolderID)

From 21c493db548ba1c51ee06b843e9a54c0cb807775 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Tue, 7 Jun 2022 10:54:10 +0530
Subject: [PATCH 28/82] Updated EC2 Metrics app. Initial checkin for newly
 created dashboards for EC2 cloudwatch metrics.

---
 .../json/EC2-CW-Metrics-App.json              | 4151 +++++++++++++++++
 aws-observability/json/EC2-Metrics-App.json   | 1826 +++++---
 2 files changed, 5389 insertions(+), 588 deletions(-)
 create mode 100644 aws-observability/json/EC2-CW-Metrics-App.json

diff --git a/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability/json/EC2-CW-Metrics-App.json
new file mode 100644
index 00000000..74e22dfb
--- /dev/null
+++ b/aws-observability/json/EC2-CW-Metrics-App.json
@@ -0,0 +1,4151 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS EC2 CW Metrics",
+    "description": "The Sumo Logic App for AWS EC2 (CloudWatch Metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, network, EBS and Health Status Check.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1.1. AWS EC2 Overview (CloudWatch Metrics)",
+            "description": "The AWS EC2 Overview (CloudWatch Metrics) dashboard provides at-a-glance information about a EC2 CPU, instance disk store, network and EBS volume usage along with EC2 instance health status.",
+            "title": "1.1. AWS EC2 Overview (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-99E32CB9B61C9A45",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":35}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":35}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":41}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":41}"
+                    },
+                    {
+                        "key": "panelE18A48F4BDD8A845",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":54}"
+                    },
+                    {
+                        "key": "panel4AF9CB5BBF1B2B41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":54}"
+                    },
+                    {
+                        "key": "panel23347E5FA7F10B43",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":8}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":8}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panel1F5FFC3E8F012849",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":8}"
+                    },
+                    {
+                        "key": "panel75612834BB02184A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-08FF463080A39847",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":47}"
+                    },
+                    {
+                        "key": "panel4EC8EE6AB0E55B4C",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panel297BE38F9ED6C84A",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelB8F8261D9EFA8A4A",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panel097A505789B2E944",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":6,\"y\":20}"
+                    },
+                    {
+                        "key": "panel77B39A53BFAFB841",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":18,\"y\":20}"
+                    },
+                    {
+                        "key": "panel91327F1C8BEF994A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panel25AA94D9ACF85940",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":14}"
+                    },
+                    {
+                        "key": "panel99AF9880B2354B41",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":14}"
+                    },
+                    {
+                        "key": "panel924F530195637847",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelA277F2A9B91D7944",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":14}"
+                    },
+                    {
+                        "key": "panelD19C1EEBAB745B4E",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":14}"
+                    },
+                    {
+                        "key": "panelE0D443CB96023840",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":54}"
+                    },
+                    {
+                        "key": "panelE5F107D5AEFF6B45",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":54}"
+                    },
+                    {
+                        "key": "panel0B5FD12FA18F1B42",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":35}"
+                    },
+                    {
+                        "key": "panelE9A3087B8434B84E",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":35}"
+                    },
+                    {
+                        "key": "panelDF0ABE6C925FDB40",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panel60E15311AE9BBA4E",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelC1FA0CAF9269EA48",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel0788EB058A3A0A42",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panelBA687A6EAAEB6A44",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":28}"
+                    },
+                    {
+                        "key": "panelPANE-933546D1AEA64B4B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelA7AFA5EE967F794D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":48}"
+                    },
+                    {
+                        "key": "panelE6CD1CCBA87F3947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":48}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-99E32CB9B61C9A45",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Disk Read Bytes per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "Disk Write Bytes per Instance Type - Tred",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "Disk Read Ops per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "Disk Write Ops per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE18A48F4BDD8A845",
+                    "title": "Network In (Bytes) per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkIn Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AF9CB5BBF1B2B41",
+                    "title": "Network Out (Bytes) per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkOut Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel23347E5FA7F10B43",
+                    "title": "Dedicated Host CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DedicatedHostCPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "This metrics is available for T3 Dedicated Hosts.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditUsage Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1F5FFC3E8F012849",
+                    "title": "CPU Surplus Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel75612834BB02184A",
+                    "title": "CPU Surplus Credits Charged",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditsCharged Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-08FF463080A39847",
+                    "title": "Network per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel4EC8EE6AB0E55B4C",
+                    "title": "Instance Disk Store per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel297BE38F9ED6C84A",
+                    "title": "EBS Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB8F8261D9EFA8A4A",
+                    "title": "EBS Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteBytes Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel097A505789B2E944",
+                    "title": "EBS Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadOps Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel77B39A53BFAFB841",
+                    "title": "EBS Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteOps Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel91327F1C8BEF994A",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% I/O Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel25AA94D9ACF85940",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% Throughput Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel99AF9880B2354B41",
+                    "title": "Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel924F530195637847",
+                    "title": "Instance Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA277F2A9B91D7944",
+                    "title": "System Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD19C1EEBAB745B4E",
+                    "title": "Metadata No Token",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Sum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=MetadataNoToken Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE0D443CB96023840",
+                    "title": "Network In (Bytes) by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkIn Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE5F107D5AEFF6B45",
+                    "title": "Network Out (Bytes) by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkOut Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0B5FD12FA18F1B42",
+                    "title": "Disk Read Bytes by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE9A3087B8434B84E",
+                    "title": "Disk Write Bytes by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDF0ABE6C925FDB40",
+                    "title": "CPU Utilization per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel60E15311AE9BBA4E",
+                    "title": "Average CPU Utilization per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"CPU Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=CPUUtilization Statistic=average | avg by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC1FA0CAF9269EA48",
+                    "title": "Instances with High CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":60,\"color\":\"#28aa55\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | filter latest > 75 | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0788EB058A3A0A42",
+                    "title": "Instances with Low CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":6,\"color\":\"#28aa55\"},{\"from\":6,\"to\":11,\"color\":\"#f6c851\"},{\"from\":11,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | filter latest <= 10 | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBA687A6EAAEB6A44",
+                    "title": "Average CPU Utilization per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"decimals\":2,\"mode\":\"distribution\"},\"xy\":{\"xDimension\":[],\"yDimension\":[],\"zDimension\":[]},\"color\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Avg CPU Utilization\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=CPUUtilization Statistic=average | avg by instancetype | topk(25, avg)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-933546D1AEA64B4B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                },
+                {
+                    "id": null,
+                    "key": "panelA7AFA5EE967F794D",
+                    "title": "Network InByte Rate per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Network InByte Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false},\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkIn Statistic=sum | sum by account, region, namespace, instancetype | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE6CD1CCBA87F3947",
+                    "title": "Network OutByte Rate per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Network OutByte Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkOut Statistic=sum | sum by account, region, namespace, instancetype | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1.1. AWS EC2 Summary (CloudWatch Metrics)",
+            "description": "The AWS EC2 Summary (CloudWatch Metrics) dashboard provides at-a-glance information about a EC2 CPU, instance disk store, network and EBS volume usage along with EC2 instance health status.",
+            "title": "1.1. AWS EC2 Summary (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-99E32CB9B61C9A45",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":28}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":28}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":28}"
+                    },
+                    {
+                        "key": "panelE18A48F4BDD8A845",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":35}"
+                    },
+                    {
+                        "key": "panel4AF9CB5BBF1B2B41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":35}"
+                    },
+                    {
+                        "key": "panel7939D784A8ED6B4C",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":35}"
+                    },
+                    {
+                        "key": "panel3CA672A682E7BB43",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":35}"
+                    },
+                    {
+                        "key": "panel23347E5FA7F10B43",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":2}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":2}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panel1F5FFC3E8F012849",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":2}"
+                    },
+                    {
+                        "key": "panel75612834BB02184A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-D0BB869785134841",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-FEB8135A9882C944",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-E3E100D38FD11943",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelC0673D08917CA840",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":21}"
+                    },
+                    {
+                        "key": "panel9BD802CAB6A36B49",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":21}"
+                    },
+                    {
+                        "key": "panelC0CFDA649A609B4F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":21}"
+                    },
+                    {
+                        "key": "panel4464C0CCB5FECA41",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panel2E7A7A0F8FA34A4B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-10781F7B8A9BE94E",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-8571E3AB9C52FA42",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-401D8D0595682B4B",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-1A2AF48AAA2A3943",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-70D6345E81FDCB44",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-17E24068A4CE184B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-95A872A391466848",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-05EE1E8FB23C084B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-99E32CB9B61C9A45",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Disk Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "Disk Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "Disk Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "Disk Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE18A48F4BDD8A845",
+                    "title": "Network In (Bytes)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AF9CB5BBF1B2B41",
+                    "title": "Network Out (Bytes)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7939D784A8ED6B4C",
+                    "title": "Network Packets In",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3CA672A682E7BB43",
+                    "title": "Network Packets Out",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel23347E5FA7F10B43",
+                    "title": "Dedicated Host CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DedicatedHostCPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "This metrics is available for T3 Dedicated Hosts.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditUsage Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1F5FFC3E8F012849",
+                    "title": "CPU Surplus Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel75612834BB02184A",
+                    "title": "CPU Surplus Credits Charged",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditsCharged Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-D0BB869785134841",
+                    "title": "Instance Disk Store",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FEB8135A9882C944",
+                    "title": "Network",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E3E100D38FD11943",
+                    "title": "EBS Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC0673D08917CA840",
+                    "title": "EBS Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9BD802CAB6A36B49",
+                    "title": "EBS Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC0CFDA649A609B4F",
+                    "title": "EBS Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4464C0CCB5FECA41",
+                    "title": "EBS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel2E7A7A0F8FA34A4B",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"CPU Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-10781F7B8A9BE94E",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% I/O Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8571E3AB9C52FA42",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% Throughput Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-401D8D0595682B4B",
+                    "title": "Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"0\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1A2AF48AAA2A3943",
+                    "title": "Status Check Failed Instance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"0\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-70D6345E81FDCB44",
+                    "title": "Status Check Failed System",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"0\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-17E24068A4CE184B",
+                    "title": "Instance Detail Stats",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"decimals\":2,\"mode\":\"distribution\"},\"xy\":{\"xDimension\":[],\"yDimension\":[],\"zDimension\":[]},\"color\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"CPU Utilization\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"EBSIOBalance%\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"EBSByteBalance%\"}}],\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-95A872A391466848",
+                    "title": "Metadata No Token",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Sum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=MetadataNoToken Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-05EE1E8FB23C084B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2.1. AWS EC2 CPU (CloudWatch Metrics)",
+            "description": "The AWS EC2 CPU (CloudWatch Metrics) dashboard provides details information about a EC2 CPU usage like CPU utilization and CPU credits for burstable performance instances.",
+            "title": "2.1. AWS EC2 CPU (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":23}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panel9A20F551B8599842",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panel5CED8523A924FA47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-918CA9B3A4DBD842",
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel32656D81BBA34B41",
+                        "structure": "{\"height\":4,\"width\":24,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panel97632A7ABFC8E947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelBC1EBF42BDD99940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelD897B984B24EEB41",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panel4208674EAEFC8A4E",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-4AFBCF8DA8530A4E",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "CPU Surplus Credit Balance",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditBalance Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "CPU Surplus Credits Charged",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditsCharged Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9A20F551B8599842",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Percent\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5CED8523A924FA47",
+                    "title": "Dedicated Host Average CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Percent\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DedicatedHostCPUUtilization Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-918CA9B3A4DBD842",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* CPUUtilization: The percentage of allocated EC2 compute units that are currently in use on the instance.\n* DedicatedHostCPUUtilization: The percentage of allocated compute capacity that is currently in use by the instances running on the T3 Dedicated Host."
+                },
+                {
+                    "id": null,
+                    "key": "panel32656D81BBA34B41",
+                    "title": "CPU Credits - For Burstable Performance Instances",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* The EC2 burstable instances consist of T4g, T3a and T3 instance types, and the previous generation T2 instance types. \n* For details on these T instances refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html\n* For CPU Credit metrics refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#cpu-credit-metrics"
+                },
+                {
+                    "id": null,
+                    "key": "panel97632A7ABFC8E947",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditUsage Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBC1EBF42BDD99940",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditBalance Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD897B984B24EEB41",
+                    "title": "CPU Surplus Credits (Charged, Balance)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel4208674EAEFC8A4E",
+                    "title": "CPU Credits (Usage, Balance) ",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4AFBCF8DA8530A4E",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3.1. AWS EC2 EBS (CloudWatch Metrics)",
+            "description": "The AWS EC2 EBS (CloudWatch Metrics) dashboard provides details information about a EC2 EBS volumes for Nitro-based instances based on EBS volumes read and write bytes, operations along with information on percentage of I/O and throughput credits remaining in the burst bucket.",
+            "title": "3.1. AWS EC2 EBS (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-99E32CB9B61C9A45",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":4,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panel23347E5FA7F10B43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panel659291A58A5D3845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panel4CDAC73BB3610B44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-04CA3839903A594C",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-ABB12B7EBD0C7842",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":2}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-99E32CB9B61C9A45",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#75bf00\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":0,\"to\":60,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by account, region, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "EBS Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "EBS Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "EBS Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel23347E5FA7F10B43",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#75bf00\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":0,\"to\":60,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by account, region, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "This metrics is available for T3 Dedicated Hosts.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":60,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":60,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"Percent\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":60,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":60,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"Percent\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel659291A58A5D3845",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4CDAC73BB3610B44",
+                    "title": "EBS Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-04CA3839903A594C",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-ABB12B7EBD0C7842",
+                    "title": "Amazon EBS metrics for Nitro-based instances",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* **EBSReadOps, EBSWriteOps**: Completed read, write operations from all Amazon EBS volumes attached to the instance in a specified period of time.\n* **EBSReadBytes, EBSWriteBytes**: Bytes read, write from all EBS volumes attached to the instance in a specified period of time.\n* **EBSIOBalance%**: Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.\n* **EBSByteBalance%**: Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.\n\n"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4.1. AWS EC2 Disk (CloudWatch Metrics)",
+            "description": "The AWS EC2 Disk (CloudWatch Metrics) dashboard provides details information about a EC2 Instance Store Disk usage based on disk read and write bytes, operations.",
+            "title": "4.1. AWS EC2 Disk (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
+                    },
+                    {
+                        "key": "panel9A20F551B8599842",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
+                    },
+                    {
+                        "key": "panel5CED8523A924FA47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
+                    },
+                    {
+                        "key": "panelPANE-918CA9B3A4DBD842",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel32656D81BBA34B41",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel97632A7ABFC8E947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelBC1EBF42BDD99940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelPANE-98034B8AAFD8AB4B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Disk Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "Disk Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "Disk Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "Disk Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9A20F551B8599842",
+                    "title": "Disk Read Bytes Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5CED8523A924FA47",
+                    "title": "Disk Write Bytes Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteBytes  Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-918CA9B3A4DBD842",
+                    "title": "Instance Store - Disk (Bytes)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel32656D81BBA34B41",
+                    "title": "Instance Store - Disk (Operations)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel97632A7ABFC8E947",
+                    "title": "Disk Read Ops Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBC1EBF42BDD99940",
+                    "title": "Disk Write Ops Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-98034B8AAFD8AB4B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5.1. AWS EC2 Network (CloudWatch Metrics)",
+            "description": "The AWS EC2 Network (CloudWatch Metrics) dashboard provides details information about a EC2 Network activities based on In and out packets, bytes.",
+            "title": "5.1. AWS EC2 Network (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelE18A48F4BDD8A845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panel4AF9CB5BBF1B2B41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panel7939D784A8ED6B4C",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panel3CA672A682E7BB43",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
+                    },
+                    {
+                        "key": "panelD1EAF6B587870B4A",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
+                    },
+                    {
+                        "key": "panel369E4E54B891FA45",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
+                    },
+                    {
+                        "key": "panelPANE-0AEEAEAAB56CD841",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelFED57949B8A0DA4F",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel97FBBFDFB46B5A46",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panel8F7D0A4DA064DA4E",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelPANE-B074BD5EA7326A45",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelE18A48F4BDD8A845",
+                    "title": "Network Bytes In",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AF9CB5BBF1B2B41",
+                    "title": "Network Bytes Out",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7939D784A8ED6B4C",
+                    "title": "Network Packets In",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3CA672A682E7BB43",
+                    "title": "Network Packets Out",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD1EAF6B587870B4A",
+                    "title": "Network Bytes In (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false},\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkIn Statistic=sum | sum by account, region, namespace, instanceid | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel369E4E54B891FA45",
+                    "title": "Network Bytes Out (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkOut Statistic=sum | sum by account, region, namespace, instanceid | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-0AEEAEAAB56CD841",
+                    "title": "Network (Bytes)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelFED57949B8A0DA4F",
+                    "title": "Network (Packets)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel97FBBFDFB46B5A46",
+                    "title": "Network Packets In (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0},\"axisY2\":{}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsIn Statistic=sum | sum by account, region, namespace, instanceid | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8F7D0A4DA064DA4E",
+                    "title": "Network Packets Out (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsOut Statistic=sum | sum by account, region, namespace, instanceid | Rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B074BD5EA7326A45",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6.1. AWS EC2 Status Check (CloudWatch Metrics)",
+            "description": "The AWS EC2 Status Check (CloudWatch Metrics) dashboard provides details information about a EC2 instance health check status based on instance, system, and overall health status.",
+            "title": "6.1. AWS EC2 Status Check (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":8,\"y\":12}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":16,\"y\":12}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":7}"
+                    },
+                    {
+                        "key": "panel1F5FFC3E8F012849",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panel659291A58A5D3845",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-CFEE196EBE8B3A47",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelAEE4F5C3A2E0A840",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":7}"
+                    },
+                    {
+                        "key": "panel428AE851BBEFCA4F",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panel5B78F6CDB323DB47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-93ECF7FDA914084E",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Instance Status Check - Failed/Passed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Instance Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Fail\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Pass\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "System Status Check - Failed/Passed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Instance Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Fail\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Pass\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System  Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System  Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "System Status Check - Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Fail Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\",\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "Instance Status Check - Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Fail Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\",\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1F5FFC3E8F012849",
+                    "title": "Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Fail Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\",\"rounding\":0,\"useBackgroundColor\":false},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel659291A58A5D3845",
+                    "title": "Status Check - Failed / Passed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Instance Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Fail\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Pass\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CFEE196EBE8B3A47",
+                    "title": "Status Check",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* **StatusCheckFailed**: Reports whether the instance has passed both the instance status check and the system status check in the last minute.\n* **StatusCheckFailed_Instance**: Reports whether the instance has passed the instance status check in the last minute.\n* **StatusCheckFailed_System**: Reports whether the instance has passed the system status check in the last minute.\n\nThis status check metric value can be either 0 (passed) or 1 (failed).\n\n"
+                },
+                {
+                    "id": null,
+                    "key": "panelAEE4F5C3A2E0A840",
+                    "title": "Status Check Passed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false},\"label\":\"Pass Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel428AE851BBEFCA4F",
+                    "title": "Instance Status Check - Passed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Pass Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5B78F6CDB323DB47",
+                    "title": "System Status Check - Passed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Pass Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-93ECF7FDA914084E",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index 082ffc19..0e428b6a 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -1,14 +1,13 @@
 {
     "type": "FolderSyncDefinition",
     "name": "AWS EC2 Metrics",
-    "description": "The Sumo Logic App for AWS EC2 Metrics allows you to collect your EC2 instance metrics and display them using predefined search queries and Dashboards. The App provides Dashboards to display analysis of EC2 instance metrics for cpu, disk, memory, network.",
+    "description": "The Sumo Logic App for AWS EC2 (Host OS metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, memory, network, TCP.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "1. AWS EC2 Metrics - Overview",
-            "description": "The AWS EC2 Metrics - Overview dashboard provides at-a-glance information about a EC2 CPU, memory, network and disk usage.",
-            "title": "1. AWS EC2 Metrics - Overview",
-            "rootPanel": null,
+            "name": "1.2. AWS EC2 Overview (Host OS metrics)",
+            "description": "The AWS EC2 Overview (Host OS metrics) dashboard provides at-a-glance information about a EC2 CPU, memory, network and disk usage.",
+            "title": "1.2. AWS EC2 Overview (Host OS metrics)",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -40,83 +39,87 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-b03ffbbdb0b59b4d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}"
                     },
                     {
                         "key": "panelpane-73159cd48a30e84d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}"
                     },
                     {
                         "key": "panelpane-7c0398e384ef0b4b",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":30}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":32}"
                     },
                     {
                         "key": "panelpane-2a01fd42b58b994e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":30}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":32}"
                     },
                     {
                         "key": "panelpane-21f9df3286d4d843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":36}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":38}"
                     },
                     {
                         "key": "panelpane-b0342f51a88b2a47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":36}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":38}"
                     },
                     {
                         "key": "panelpane-2f4529faa0fcc94e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":42}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":44}"
                     },
                     {
                         "key": "panelpane-909c4962a7e08843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":42}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":44}"
                     },
                     {
                         "key": "panelpane-33b218968b91a845",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":14}"
                     },
                     {
                         "key": "panelpane-481cfaaf957d7842",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":14}"
                     },
                     {
                         "key": "panelpane-d3677624bfee3b41",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":20}"
                     },
                     {
                         "key": "panelpane-cea7ffdeb458fb4e",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":20}"
                     },
                     {
                         "key": "panelpane-33ac098a81186b4e",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":14}"
                     },
                     {
                         "key": "panelpane-9d0a24618eef0a4e",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":20}"
                     },
                     {
                         "key": "panelpane-1e29da5dbd267a45",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":14}"
                     },
                     {
                         "key": "panelPANE-2061037A94244A4B",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
                     },
                     {
                         "key": "panelPANE-DE8ED3CB8CEBF849",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
                     },
                     {
                         "key": "panel2F40FE32B1ED8A48",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
                     },
                     {
                         "key": "panel092B86A6AF75C942",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
                     },
                     {
                         "key": "panelE292F5CA9886CA4E",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelPANE-669661608BAAEB4B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -130,14 +133,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Idle account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg by instanceType",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -154,34 +160,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_1min | avg by metric",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_5min | avg by metric",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_15min | avg by metric",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -198,14 +213,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Free | sum by instanceType",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -222,14 +240,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualUsed | sum by instanceType",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -246,14 +267,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Used | sum by instanceType",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -270,14 +294,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Available | sum by instanceType",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -289,19 +316,22 @@
                     "id": null,
                     "key": "panelpane-2f4529faa0fcc94e",
                     "title": "Network InByte Rate per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network InByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network InByte Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceType | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceType | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -313,19 +343,22 @@
                     "id": null,
                     "key": "panelpane-909c4962a7e08843",
                     "title": "Network OutByte Rate per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"wrap\":true,\"enabled\":true},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network OutByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"wrap\":true,\"enabled\":true},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network OutByte Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceType | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceType | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -342,14 +375,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -366,14 +402,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -390,14 +429,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= TCP_InboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -414,14 +456,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= TCP_OutboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -438,14 +483,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Net_InBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -462,14 +510,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Net_OutBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -486,14 +537,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Sys account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | eval(_value/_value) | quantize to 60m using count | count by instancetype",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -510,14 +564,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | filter latest > 75 | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -534,14 +591,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | filter latest > 75 | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -558,14 +618,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | filter latest <= 10 | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -582,14 +645,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | filter latest <= 10 | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -606,20 +672,32 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} | avg by instancetype | topk(25, avg)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
                     "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-669661608BAAEB4B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -656,11 +734,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -688,10 +766,9 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "1. AWS EC2 Metrics - Summary",
-            "description": "The AWS EC2 Metrics - Summary dashboard provides at-a-glance information about a EC2 CPU, memory, network and disk usage.",
-            "title": "1. AWS EC2 Metrics - Summary",
-            "rootPanel": null,
+            "name": "1.2. AWS EC2 Summary (Host OS metrics)",
+            "description": "The AWS EC2 Summary (Host OS metrics) dashboard provides at-a-glance information about a EC2 CPU, memory, network and disk usage.",
+            "title": "1.2. AWS EC2 Summary (Host OS metrics)",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -723,59 +800,63 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-b03ffbbdb0b59b4d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":5}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
                     },
                     {
                         "key": "panelpane-73159cd48a30e84d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":5}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}"
                     },
                     {
                         "key": "panelpane-7c0398e384ef0b4b",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":11}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
                     },
                     {
                         "key": "panelpane-2a01fd42b58b994e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":11}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
                     },
                     {
                         "key": "panelpane-21f9df3286d4d843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":17}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":19}"
                     },
                     {
                         "key": "panelpane-b0342f51a88b2a47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":17}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19}"
                     },
                     {
                         "key": "panelpane-909c4962a7e08843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":23}"
-                    },
-                    {
-                        "key": "panelpane-33b218968b91a845",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25}"
                     },
                     {
                         "key": "panelpane-481cfaaf957d7842",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":0}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":2}"
                     },
                     {
                         "key": "panelpane-d3677624bfee3b41",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":0}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":2}"
                     },
                     {
                         "key": "panelpane-cea7ffdeb458fb4e",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":0}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":2}"
                     },
                     {
                         "key": "panelpane-33ac098a81186b4e",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":0}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":2}"
                     },
                     {
                         "key": "panelpane-9d0a24618eef0a4e",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":2}"
                     },
                     {
                         "key": "panel92B3F2A48B5DCA4F",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":23}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-60B5D586941BE849",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-8F83BD319926A843",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -789,14 +870,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=CPU_Idle account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -813,34 +897,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_1min | avg by metric",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_5min | avg by metric",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_15min | avg by metric",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -857,14 +950,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Free | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -881,14 +977,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualUsed | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -905,14 +1004,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Used | sum by account, region, namespace, instanceid, dirname, devname",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -929,14 +1031,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Available | sum by account, region, namespace, instanceid, dirname, devname",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -948,43 +1053,22 @@
                     "id": null,
                     "key": "panelpane-909c4962a7e08843",
                     "title": "Network OutByte Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"wrap\":true,\"enabled\":true},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network OutByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid | rate",
-                            "queryType": "Metrics",
-                            "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelpane-33b218968b91a845",
-                    "title": "CPU Utilization",
-                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"legend\":{\"wrap\":true,\"enabled\":true},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network OutByte Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "metric=CPU_Total account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1001,14 +1085,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1025,14 +1112,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= TCP_InboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1049,14 +1139,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= TCP_OutboundTotal account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1073,14 +1166,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Net_InBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1097,14 +1193,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric= Net_OutBytes account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg | eval _value/1024/1024",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1116,25 +1215,64 @@
                     "id": null,
                     "key": "panel92B3F2A48B5DCA4F",
                     "title": "Network InByte Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network InByte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Network InByte Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-60B5D586941BE849",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "metric=CPU_Total account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
                     "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8F83BD319926A843",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -1171,11 +1309,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1203,16 +1341,12 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "2. AWS EC2 Metrics - CPU",
-            "description": "The AWS EC2 Metrics - CPU dashboard provides details information about a EC2 CPU usage.",
-            "title": "2. AWS EC2 Metrics - CPU",
-            "rootPanel": null,
+            "name": "2. AWS EC2 - Events",
+            "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
+            "title": "2. AWS EC2 - Events",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
-                    "instanceid": [
-                        "*"
-                    ],
                     "namespace": [
                         "aws/ec2"
                     ],
@@ -1237,57 +1371,100 @@
                 "layoutType": "Grid",
                 "layoutStructures": [
                     {
-                        "key": "panelpane-b8fdf6e2b8c1d843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                        "key": "panelPANE-9A6827ADAFD40B48",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":10}"
                     },
                     {
-                        "key": "panelpane-faa47ec2a6e5d947",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                        "key": "panel808FD9FD8BFB6846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}"
                     },
                     {
-                        "key": "panelpane-c59320268cdb7a49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                        "key": "panelPANE-F6D67170A3207848",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":0}"
                     },
                     {
-                        "key": "panelpane-88f4336192c38b49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                        "key": "panelPANE-55BA9CD690905848",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":18}"
                     },
                     {
-                        "key": "panelpane-373635dab1b6b944",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                        "key": "panelE1BCBDE685FB3944",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
                     },
                     {
-                        "key": "panelpane-1902994c9e385941",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                        "key": "panelPANE-4D66006086774A44",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":10}"
                     },
                     {
-                        "key": "panelpane-29ddbf5e98aa884e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                        "key": "panelPANE-829F6ADB86227949",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":39}"
+                    },
+                    {
+                        "key": "panel1DA5F9AA9C03F945",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":32}"
+                    },
+                    {
+                        "key": "panelPANE-C6B1C1249FED294C",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":23}"
+                    },
+                    {
+                        "key": "panel422C79CD944AC840",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":10}"
+                    },
+                    {
+                        "key": "panelB86F7C84926F1844",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panelABB275868F4B2A44",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":18}"
+                    },
+                    {
+                        "key": "panelA10E415491CA1B4F",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-4B95C387A7D03B47",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":45}"
+                    },
+                    {
+                        "key": "panelF999E9E5A6591B41",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panelC8228A47A6D3DA4D",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":23}"
+                    },
+                    {
+                        "key": "panelPANE-4022F95385542A46",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":31}"
                     },
                     {
-                        "key": "panelpane-46c987c099bacb4c",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                        "key": "panelD9E5828D86D12941",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":38}"
                     }
                 ]
             },
             "panels": [
                 {
                     "id": null,
-                    "key": "panelpane-b8fdf6e2b8c1d843",
-                    "title": "CPU User Time",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panelPANE-9A6827ADAFD40B48",
+                    "title": "Event Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_User | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_status\n| sort by _count, event_status asc",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1297,21 +1474,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-faa47ec2a6e5d947",
-                    "title": "CPU Nice Time",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panel808FD9FD8BFB6846",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Nice | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1321,21 +1501,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-c59320268cdb7a49",
-                    "title": "CPU Kernel Time",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panelPANE-F6D67170A3207848",
+                    "title": "Successful Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Sys | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1345,21 +1528,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-88f4336192c38b49",
-                    "title": "CPU Time Servicing Interrupts",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panelPANE-55BA9CD690905848",
+                    "title": "Events Types Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Irq | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1369,21 +1555,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-373635dab1b6b944",
-                    "title": "CPU Time Servicing SoftIrqs",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panelE1BCBDE685FB3944",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= CPU_SoftIrq | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1393,21 +1582,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-1902994c9e385941",
-                    "title": "CPU Idle Time",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panelPANE-4D66006086774A44",
+                    "title": "Top 10 Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Idle | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1417,21 +1609,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-29ddbf5e98aa884e",
-                    "title": "CPU Involuntary Wait Time",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panelPANE-829F6ADB86227949",
+                    "title": "Latest Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= CPU_Stolen | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1441,217 +1636,51 @@
                 },
                 {
                     "id": null,
-                    "key": "panelpane-46c987c099bacb4c",
-                    "title": "CPU IO Wait Time",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "key": "panel1DA5F9AA9C03F945",
+                    "title": "Latest Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_IOWait | sum by account, region, namespace, instanceid",
-                            "queryType": "Metrics",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
                     "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
-                }
-            ],
-            "variables": [
-                {
-                    "id": null,
-                    "name": "account",
-                    "displayName": null,
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
-                        "key": "account"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
                 },
                 {
                     "id": null,
-                    "name": "region",
-                    "displayName": null,
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}}",
-                        "key": "region"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                },
-                {
-                    "id": null,
-                    "name": "namespace",
-                    "displayName": null,
-                    "defaultValue": "aws/ec2",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
-                        "key": "namespace"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                },
-                {
-                    "id": null,
-                    "name": "instanceid",
-                    "displayName": null,
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
-                        "key": "instanceid"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                }
-            ],
-            "coloringRules": []
-        },
-        {
-            "type": "DashboardV2SyncDefinition",
-            "name": "3. AWS EC2 - Events",
-            "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
-            "title": "3. AWS EC2 - Events",
-            "rootPanel": null,
-            "theme": "Light",
-            "topologyLabelMap": {
-                "data": {
-                    "namespace": [
-                        "aws/ec2"
-                    ],
-                    "region": [
-                        "*"
-                    ],
-                    "account": [
-                        "*"
-                    ]
-                }
-            },
-            "refreshInterval": 0,
-            "timeRange": {
-                "type": "BeginBoundedTimeRange",
-                "from": {
-                    "type": "RelativeTimeRangeBoundary",
-                    "relativeTime": "-1d"
-                },
-                "to": null
-            },
-            "layout": {
-                "layoutType": "Grid",
-                "layoutStructures": [
-                    {
-                        "key": "panelPANE-9A6827ADAFD40B48",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":10}"
-                    },
-                    {
-                        "key": "panel808FD9FD8BFB6846",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}"
-                    },
-                    {
-                        "key": "panelPANE-F6D67170A3207848",
-                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":0}"
-                    },
-                    {
-                        "key": "panelPANE-55BA9CD690905848",
-                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":18}"
-                    },
-                    {
-                        "key": "panelE1BCBDE685FB3944",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
-                    },
-                    {
-                        "key": "panelPANE-4D66006086774A44",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":10}"
-                    },
-                    {
-                        "key": "panelPANE-829F6ADB86227949",
-                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":39}"
-                    },
-                    {
-                        "key": "panel1DA5F9AA9C03F945",
-                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":32}"
-                    },
-                    {
-                        "key": "panelPANE-C6B1C1249FED294C",
-                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":23}"
-                    },
-                    {
-                        "key": "panel422C79CD944AC840",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":10}"
-                    },
-                    {
-                        "key": "panelB86F7C84926F1844",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":10}"
-                    },
-                    {
-                        "key": "panelABB275868F4B2A44",
-                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":18}"
-                    },
-                    {
-                        "key": "panelA10E415491CA1B4F",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":23}"
-                    },
-                    {
-                        "key": "panelPANE-4B95C387A7D03B47",
-                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":45}"
-                    },
-                    {
-                        "key": "panelF999E9E5A6591B41",
-                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":0}"
-                    },
-                    {
-                        "key": "panelC8228A47A6D3DA4D",
-                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":23}"
-                    },
-                    {
-                        "key": "panelPANE-4022F95385542A46",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":31}"
-                    },
-                    {
-                        "key": "panelD9E5828D86D12941",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":38}"
-                    }
-                ]
-            },
-            "panels": [
-                {
-                    "id": null,
-                    "key": "panelPANE-9A6827ADAFD40B48",
-                    "title": "Event Status",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
+                    "key": "panelPANE-C6B1C1249FED294C",
+                    "title": "Top 10 AssumedRole  Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by eventStatus\n| sort by _count, eventStatus asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as count by user\n| sort by count, user asc | limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1661,21 +1690,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panel808FD9FD8BFB6846",
-                    "title": "Successful Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "key": "panel422C79CD944AC840",
+                    "title": "Top Events Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isBlank(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by event_name\n| sort by count, event_name asc | limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1685,21 +1717,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-F6D67170A3207848",
-                    "title": "Successful Event Locations",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "key": "panelB86F7C84926F1844",
+                    "title": "Event Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\",  if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1709,21 +1744,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-55BA9CD690905848",
-                    "title": "Events Types Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "key": "panelABB275868F4B2A44",
+                    "title": "Events Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_status\n| transpose row _timeslice column event_status",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1733,21 +1771,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelE1BCBDE685FB3944",
-                    "title": "Failed Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "key": "panelA10E415491CA1B4F",
+                    "title": "Top 10 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as count by user\n| sort by count, user asc | limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1757,21 +1798,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-4D66006086774A44",
-                    "title": "Top 10 Error Codes",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "key": "panelPANE-4B95C387A7D03B47",
+                    "title": "Events from Known Malicious IP Addresses",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name // , user, user_agent, instanceid\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, instanceid",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1781,21 +1825,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-829F6ADB86227949",
-                    "title": "Latest Failed Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "key": "panelF999E9E5A6591B41",
+                    "title": "Failure Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1805,21 +1852,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panel1DA5F9AA9C03F945",
-                    "title": "Latest Successful Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "key": "panelC8228A47A6D3DA4D",
+                    "title": "Top 10 User Agents",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by user_agent\n| sort by count, user_agent asc | limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1829,21 +1879,165 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-C6B1C1249FED294C",
-                    "title": "Top 10 AssumedRole  Users",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "key": "panelPANE-4022F95385542A46",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Successful Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelD9E5828D86D12941",
+                    "title": "Failure Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Failure Events"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2.2. AWS EC2 CPU (Host OS metrics)",
+            "description": "The AWS EC2 CPU (Host OS metrics) dashboard provides details information about a EC2 CPU usage.",
+            "title": "2.2. AWS EC2 CPU (Host OS metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelpane-b8fdf6e2b8c1d843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelpane-faa47ec2a6e5d947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-c59320268cdb7a49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panelpane-88f4336192c38b49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-373635dab1b6b944",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelpane-1902994c9e385941",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelpane-29ddbf5e98aa884e",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-DF143E118916F949",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-81DC18F39F979843",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelpane-b8fdf6e2b8c1d843",
+                    "title": "CPU User Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as Count by user\n| sort by Count, user asc | limit 10",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_User | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1853,21 +2047,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panel422C79CD944AC840",
-                    "title": "Top Events Types",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "key": "panelpane-faa47ec2a6e5d947",
+                    "title": "CPU Nice Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as Count by event_name\n| sort by Count, event_name asc | limit 10",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Nice | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1877,21 +2074,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelB86F7C84926F1844",
-                    "title": "Event Types",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false}}",
+                    "key": "panelpane-c59320268cdb7a49",
+                    "title": "CPU Kernel Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\",  if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Sys | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1901,21 +2101,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelABB275868F4B2A44",
-                    "title": "Events Status Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
+                    "key": "panelpane-88f4336192c38b49",
+                    "title": "CPU Time Servicing Interrupts",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Irq | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1925,21 +2128,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelA10E415491CA1B4F",
-                    "title": "Top 10 IAM Users",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "key": "panelpane-373635dab1b6b944",
+                    "title": "CPU Time Servicing SoftIrqs",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as Count by user\n| sort by Count, user asc | limit 10",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= CPU_SoftIrq | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1949,21 +2155,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-4B95C387A7D03B47",
-                    "title": "Events from Known Malicious IP Addresses",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "key": "panelpane-1902994c9e385941",
+                    "title": "CPU Idle Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_Idle | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1973,21 +2182,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelF999E9E5A6591B41",
-                    "title": "Failure Event Locations",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "key": "panelpane-29ddbf5e98aa884e",
+                    "title": "CPU Involuntary Wait Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isBlank(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= CPU_Stolen | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1997,21 +2209,24 @@
                 },
                 {
                     "id": null,
-                    "key": "panelC8228A47A6D3DA4D",
-                    "title": "Top 10 User Agents",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "key": "panelPANE-DF143E118916F949",
+                    "title": "CPU IO Wait Time",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Percentage\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as event_count by user_agent\n| sort by event_count, user_agent asc | limit 10",
-                            "queryType": "Logs",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_IOWait | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2021,21 +2236,12 @@
                 },
                 {
                     "id": null,
-                    "key": "panelPANE-4022F95385542A46",
-                    "title": "Successful Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "TextPanel",
-                    "text": "Successful Events"
-                },
-                {
-                    "id": null,
-                    "key": "panelD9E5828D86D12941",
-                    "title": "Failure Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "key": "panelPANE-81DC18F39F979843",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "Failure Events"
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -2076,8 +2282,23 @@
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
-                        "key": "namespace"
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
@@ -2089,10 +2310,9 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "3. AWS EC2 Metrics - Memory",
-            "description": "The AWS EC2 Metrics - Memory dashboard provides details information about a EC2 memory usage.",
-            "title": "3. AWS EC2 Metrics - Memory",
-            "rootPanel": null,
+            "name": "3.2. AWS EC2 Memory (Host OS metrics)",
+            "description": "The AWS EC2 Memory (Host OS metrics) dashboard provides details information about a EC2 memory usage.",
+            "title": "3.2. AWS EC2 Memory (Host OS metrics)",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2124,27 +2344,31 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-efa308ec98ca9a47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
                     },
                     {
                         "key": "panelpane-51fa4586b262ea45",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
                     },
                     {
                         "key": "panelpane-f40f828787debb4b",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
                     },
                     {
                         "key": "panelpane-f77ed3b9a7469a41",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
                     },
                     {
                         "key": "panelpane-14a8edc8a9082a44",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
                     },
                     {
                         "key": "panelpane-fd78c765b827f940",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-6B4E2CE18CB63944",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -2158,14 +2382,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Total | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2182,24 +2409,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_UsedPercent | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric= Mem_FreePercent | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2216,14 +2449,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualFree | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2240,14 +2476,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_ActualUsed | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2264,14 +2503,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Free | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2288,20 +2530,32 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Mem_Used | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
                     "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6B4E2CE18CB63944",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -2338,11 +2592,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2370,10 +2624,9 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "4. AWS EC2 Metrics - Disk",
-            "description": "The AWS EC2 Metrics - Disk dashboard provides details information about a EC2 Disk usage.",
-            "title": "4. AWS EC2 Metrics - Disk",
-            "rootPanel": null,
+            "name": "4.2. AWS EC2 Disk (Host OS metrics)",
+            "description": "The AWS EC2 Disk (Host OS metrics) dashboard provides details information about a EC2 Disk usage.",
+            "title": "4.2. AWS EC2 Disk (Host OS metrics)",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2405,35 +2658,63 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-f5adc9cfa7ab084e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
                     },
                     {
                         "key": "panelpane-fbbffe38bcd87a4d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
                     },
                     {
                         "key": "panelpane-74ec11c0b1d21845",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panelpane-972ecae0a835ab49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":28}"
                     },
                     {
                         "key": "panelpane-e941049387bcc843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
                     },
                     {
                         "key": "panelpane-24a34d858564ca43",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":28}"
                     },
                     {
                         "key": "panelPANE-7940D0AEBE753846",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
                     },
                     {
                         "key": "panelPANE-A8BE6B8FB2B93A44",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-83E140288B3B9A48",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel888DBB5FA4FA294E",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panel28D28566BBFD3B4C",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-60752DE0A8D6184C",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelF655848EA2E3D843",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
+                    },
+                    {
+                        "key": "panel2358A1BAB0241A42",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panel9F7F10FE8C8B484F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":28,\"minHeight\":3,\"minWidth\":3}"
                     }
                 ]
             },
@@ -2447,14 +2728,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Used | sum by account, region, namespace, instanceid, dirname, devname",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2471,14 +2755,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Available | sum by account, region, namespace, instanceid, dirname, devname",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2490,19 +2777,22 @@
                     "id": null,
                     "key": "panelpane-74ec11c0b1d21845",
                     "title": "Disk Read Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Reads | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Reads | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2514,19 +2804,22 @@
                     "id": null,
                     "key": "panelpane-972ecae0a835ab49",
                     "title": "Disk Read Byte Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Byte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Byte Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_ReadBytes | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_ReadBytes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2538,19 +2831,22 @@
                     "id": null,
                     "key": "panelpane-e941049387bcc843",
                     "title": "Disk Write Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Writes | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Writes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2562,19 +2858,22 @@
                     "id": null,
                     "key": "panelpane-24a34d858564ca43",
                     "title": "Disk Write Byte Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Byte Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Byte Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_WriteBytes | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_WriteBytes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2591,14 +2890,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=Disk_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | sum by account, region, namespace, instanceid, dirname, devname",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2615,14 +2917,152 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "metric=Disk_Queue account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | sum by account, region, namespace, instanceid, dirname, devname",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-83E140288B3B9A48",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                },
+                {
+                    "id": null,
+                    "key": "panel888DBB5FA4FA294E",
+                    "title": "Disk Read",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Operations\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Reads | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel28D28566BBFD3B4C",
+                    "title": "Disk Read Byte",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_ReadBytes | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-60752DE0A8D6184C",
+                    "title": "Disk Read, Write (Operations)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelF655848EA2E3D843",
+                    "title": "Disk Write",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Operations\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_Writes | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2358A1BAB0241A42",
+                    "title": "Disk Read, Write (Bytes)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel9F7F10FE8C8B484F",
+                    "title": "Disk Write Byte",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Disk_WriteBytes | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2665,11 +3105,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2697,10 +3137,9 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "5. AWS EC2 Metrics - Network",
-            "description": "The AWS EC2 Metrics - Network dashboard provides details information about a EC2 Network activities based on In and out packets, bytes.",
-            "title": "5. AWS EC2 Metrics - Network",
-            "rootPanel": null,
+            "name": "5.2. AWS EC2 Network (Host OS metrics)",
+            "description": "The AWS EC2 Network (Host OS metrics) dashboard provides details information about a EC2 Network activities based on In and out packets, bytes.",
+            "title": "5.2. AWS EC2 Network (Host OS metrics)",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2732,19 +3171,47 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-aae783508eb33b4b",
-                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":18}"
                     },
                     {
                         "key": "panelpane-38312cc29dd88a45",
-                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":18}"
                     },
                     {
                         "key": "panelpane-256276e180045843",
-                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":9}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelpane-f0bf2577bbe6ba48",
-                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":9}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":3}"
+                    },
+                    {
+                        "key": "panelPANE-6721BD51887F684F",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-CEAEA20CA5CBCA4A",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-1FD6EE6CB9C8B949",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelD31811DD9ADB8842",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":10}"
+                    },
+                    {
+                        "key": "panel0010AA82AEFC3842",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":10}"
+                    },
+                    {
+                        "key": "panel560A181992908B47",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panel5B0F35BAB437E845",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":18,\"minHeight\":3,\"minWidth\":3}"
                     }
                 ]
             },
@@ -2753,19 +3220,22 @@
                     "id": null,
                     "key": "panelpane-aae783508eb33b4b",
                     "title": "Network InPacket Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InPackets | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InPackets | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2777,19 +3247,22 @@
                     "id": null,
                     "key": "panelpane-38312cc29dd88a45",
                     "title": "Network OutPacket Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutPackets | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutPackets | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2801,19 +3274,22 @@
                     "id": null,
                     "key": "panelpane-256276e180045843",
                     "title": "Network InByte Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2825,19 +3301,157 @@
                     "id": null,
                     "key": "panelpane-f0bf2577bbe6ba48",
                     "title": "Network OutByte Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Rate\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid | rate",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid | rate increasing",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-6721BD51887F684F",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CEAEA20CA5CBCA4A",
+                    "title": "Network (Bytes)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1FD6EE6CB9C8B949",
+                    "title": "Network (Packets)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelD31811DD9ADB8842",
+                    "title": "Network InByte",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InBytes | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0010AA82AEFC3842",
+                    "title": "Network OutByte",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutBytes | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel560A181992908B47",
+                    "title": "Network InPacket",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Packets\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_InPackets | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5B0F35BAB437E845",
+                    "title": "Network OutPacket",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Packets\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=Net_OutPackets | sum by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2880,11 +3494,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2912,10 +3526,9 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "6. AWS EC2 Metrics - TCP",
-            "description": "The AWS EC2 Metrics - TCP dashboard provides details information about a EC2 connection details.",
-            "title": "6. AWS EC2 Metrics - TCP",
-            "rootPanel": null,
+            "name": "6.2. AWS EC2 TCP (Host OS metrics)",
+            "description": "The AWS EC2 TCP (Host OS metrics) dashboard provides details information about a EC2 connection details.",
+            "title": "6.2. AWS EC2 TCP (Host OS metrics)",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2947,35 +3560,39 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-17ee2e37b6eccb47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
                     },
                     {
                         "key": "panelpane-c24a86f4a132b84c",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
                     },
                     {
                         "key": "panelpane-820b2a5db0d45848",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
                     },
                     {
                         "key": "panelpane-d8ac2293bd568940",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
                     },
                     {
                         "key": "panelpane-ef64ec5dbc991840",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
                     },
                     {
                         "key": "panelpane-35dcff5392216a4f",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
                     },
                     {
                         "key": "panelPANE-EC5685348CE70A41",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
                     },
                     {
                         "key": "panelPANE-B10542A88EB87840",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-3DF23A5780C32B4B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -2989,14 +3606,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_InboundTotal | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3013,14 +3633,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_OutboundTotal | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3037,14 +3660,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Listen | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3061,14 +3687,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Established | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3085,14 +3714,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_CloseWait ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3109,14 +3741,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_TimeWait | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3133,14 +3768,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Idle | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3157,20 +3795,32 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=TCP_Close | sum by account, region, namespace, instanceid",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
                     "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-3DF23A5780C32B4B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -3207,11 +3857,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/ec2",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,

From b257b823532e8eece30164f327395b2f8ece733d Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Tue, 7 Jun 2022 13:54:30 +0530
Subject: [PATCH 29/82] Two app jsons are now used for deploying EC2 apps (host
 metric os and cloudwatch metrics). Updated README files.

---
 .../app-modules/apigateway/README.md                        | 1 +
 .../app-modules/ec2metrics/README.md                        | 1 +
 aws-observability-terraform/app-modules/ec2metrics/app.tf   | 6 +++++-
 aws-observability-terraform/app-modules/rds/README.md       | 1 +
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/aws-observability-terraform/app-modules/apigateway/README.md b/aws-observability-terraform/app-modules/apigateway/README.md
index 60d902ca..89dfca52 100644
--- a/aws-observability-terraform/app-modules/apigateway/README.md
+++ b/aws-observability-terraform/app-modules/apigateway/README.md
@@ -27,6 +27,7 @@ No resources.
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      recipients            = list(string),<br>      subject               = string,<br>      time_zone             = string,<br>      message_body          = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
+| <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |
 | <a name="input_monitors_disabled"></a> [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no |
 
diff --git a/aws-observability-terraform/app-modules/ec2metrics/README.md b/aws-observability-terraform/app-modules/ec2metrics/README.md
index 2ba03218..6d97f8be 100644
--- a/aws-observability-terraform/app-modules/ec2metrics/README.md
+++ b/aws-observability-terraform/app-modules/ec2metrics/README.md
@@ -27,6 +27,7 @@ No resources.
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      recipients            = list(string),<br>      subject               = string,<br>      time_zone             = string,<br>      message_body          = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
+| <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |
 | <a name="input_monitors_disabled"></a> [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no |
 
diff --git a/aws-observability-terraform/app-modules/ec2metrics/app.tf b/aws-observability-terraform/app-modules/ec2metrics/app.tf
index f4137f4a..a00b39e9 100644
--- a/aws-observability-terraform/app-modules/ec2metrics/app.tf
+++ b/aws-observability-terraform/app-modules/ec2metrics/app.tf
@@ -47,7 +47,11 @@ module "ec2metrics_module" {
     "EC2MetricsApp" = {
       content_json = join("", [var.json_file_directory_path, "/aws-observability/json/EC2-Metrics-App.json"])
       folder_id    = var.app_folder_id
-    }
+    },
+    "EC2CWMetricsApp" = {
+      content_json = join("", [var.json_file_directory_path, "/aws-observability/json/EC2-CW-Metrics-App.json"])
+      folder_id    = var.app_folder_id
+    },
   }
 
   # ********************** Monitors ********************** #
diff --git a/aws-observability-terraform/app-modules/rds/README.md b/aws-observability-terraform/app-modules/rds/README.md
index 0bba02ec..28cb064e 100644
--- a/aws-observability-terraform/app-modules/rds/README.md
+++ b/aws-observability-terraform/app-modules/rds/README.md
@@ -27,6 +27,7 @@ No resources.
 | <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      recipients            = list(string),<br>      subject               = string,<br>      time_zone             = string,<br>      message_body          = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
 | <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
 | <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
+| <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
 | <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |
 | <a name="input_monitors_disabled"></a> [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no |
 

From a00a3c8aa0bcd75bf9a9c5e9b66dcdef3767c221 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Tue, 7 Jun 2022 15:16:17 +0530
Subject: [PATCH 30/82] Initial checkin for installing AWS EC2 CW metric
 dashboards json with CF template.

---
 .../ec2metrics/ec2_metrics_app.template.yaml  | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml
index 0136d39e..1921ed7a 100755
--- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml
+++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml
@@ -178,6 +178,25 @@ Resources:
       location: !Ref Section5aAppInstallLocation
       share: !Ref Section5bShare
       orgid: !Ref Section1eOrgId
+  
+  sumoAppCW:
+    Type: Custom::App
+    Condition: install_app
+    DependsOn: sumoApp
+    Properties:
+      ServiceToken: !Ref Section3aParentStackLambdaARN
+      Region: !Ref "AWS::Region"
+      AppName: "AWS Observability EC2 CloudWatch Metrics App"
+      FolderName: !Sub "AWS Observability ${Section3cNestedTemplateVersion} "
+      RetainOldAppOnUpdate: true
+      RemoveOnDeleteStack: !Ref Section1dRemoveSumoResourcesOnDeleteStack
+      SumoAccessID: !Ref Section1bSumoAccessID
+      SumoAccessKey: !Ref Section1cSumoAccessKey
+      SumoDeployment: !Ref Section1aSumoDeployment
+      AppJsonS3Url: !Sub "https://${Section3bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section3cNestedTemplateVersion}/appjson/EC2-CW-Metrics-App.json"
+      location: !Ref Section5aAppInstallLocation
+      share: !Ref Section5bShare
+      orgid: !Ref Section1eOrgId
 
   FieldExtractionRule:
     Type: Custom::SumoLogicFieldExtractionRule
@@ -215,7 +234,7 @@ Resources:
   sumoOverview:
     Type: Custom::App
     Condition: install_app
-    DependsOn: sumoApp
+    DependsOn: sumoAppCW
     Properties:
       ServiceToken: !Ref Section3aParentStackLambdaARN
       Region: !Ref "AWS::Region"

From 514ed7b32608bb761f636aa40274dbdd51e5e485 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Fri, 10 Jun 2022 14:38:15 +0530
Subject: [PATCH 31/82] AWSO cf template version updated to AWSO 2.5.0.

---
 aws-observability/apps/alb/alb_app.template.yaml              | 2 +-
 .../apps/apigateway/api_gateway_app.template.yaml             | 2 +-
 aws-observability/apps/autoenable/auto_enable.template.yaml   | 2 +-
 .../apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml    | 2 +-
 aws-observability/apps/common/resources.template.yaml         | 2 +-
 .../apps/controltower/controltower.template.yaml              | 4 ++--
 aws-observability/apps/dynamodb/dynamodb_app.template.yaml    | 2 +-
 .../apps/ec2metrics/ec2_metrics_app.template.yaml             | 2 +-
 aws-observability/apps/ecs/ecs_app.template.yaml              | 2 +-
 .../apps/elasticache/elasticache_app.template.yaml            | 2 +-
 aws-observability/apps/elb/elb_app.template.yaml              | 2 +-
 .../hostmetricsfields/host_metrics_add_fields.template.yaml   | 2 +-
 aws-observability/apps/lambda/lambda_app.template.yaml        | 2 +-
 aws-observability/apps/nlb/nlb_app.template.yaml              | 2 +-
 .../permissionchecker/permissioncheck.nested.template.yaml    | 2 +-
 .../apps/permissionchecker/permissioncheck.template.yaml      | 4 ++--
 aws-observability/apps/rds/rds_app.template.yaml              | 2 +-
 .../apps/rootcause/rootcauseexplorer.template.yaml            | 2 +-
 .../templates/sumologic_observability.master.template.yaml    | 4 ++--
 19 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/aws-observability/apps/alb/alb_app.template.yaml b/aws-observability/apps/alb/alb_app.template.yaml
index e60c6b5e..0972bdf3 100755
--- a/aws-observability/apps/alb/alb_app.template.yaml
+++ b/aws-observability/apps/alb/alb_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the ALB app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the ALB app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/apigateway/api_gateway_app.template.yaml b/aws-observability/apps/apigateway/api_gateway_app.template.yaml
index 276bd27b..b89f7202 100755
--- a/aws-observability/apps/apigateway/api_gateway_app.template.yaml
+++ b/aws-observability/apps/apigateway/api_gateway_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the API Gateway app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the API Gateway app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml
index e7399a10..df644c74 100644
--- a/aws-observability/apps/autoenable/auto_enable.template.yaml
+++ b/aws-observability/apps/autoenable/auto_enable.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup Auto Enable ALB Access Logging and Lambda Auto Subscribe Log Groups for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup Auto Enable ALB Access Logging and Lambda Auto Subscribe Log Groups for AWS Observability Solution."
 
 Parameters:
   SumoLogicResourceRemoveOnDeleteStack:
diff --git a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml
index 4b4537d2..34562419 100644
--- a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml
+++ b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to Setup Sumo Logic CloudWatch Metric Source. The template setup CW Metrics Sources for Namespaces."
+Description: "Version - v2.5.0: Template to Setup Sumo Logic CloudWatch Metric Source. The template setup CW Metrics Sources for Namespaces."
 
 Parameters:
   SumoLogicDeployment:
diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml
index 6694b6dc..33913dd4 100755
--- a/aws-observability/apps/common/resources.template.yaml
+++ b/aws-observability/apps/common/resources.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to Setup Sumo Logic Sources and supporting AWS Resources for CloudTrail, ALB, Lambda CloudWatch Logs and CloudWatch Metrics."
+Description: "Version - v2.5.0: Template to Setup Sumo Logic Sources and supporting AWS Resources for CloudTrail, ALB, Lambda CloudWatch Logs and CloudWatch Metrics."
 
 Parameters:
   SumoLogicDeployment:
diff --git a/aws-observability/apps/controltower/controltower.template.yaml b/aws-observability/apps/controltower/controltower.template.yaml
index 68850da2..0df61f4b 100644
--- a/aws-observability/apps/controltower/controltower.template.yaml
+++ b/aws-observability/apps/controltower/controltower.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: AWS::Serverless-2016-10-31
-Description: "Version - v2.4.0: The Template should be deployed in Master account. This template setup the Lambda trigger for new account created using AWS Control Tower Account Factory process. The Lambda install the AWS Observability CF template on the regions of new AWS account using stack Sets. (MPCT-ibieokba)"
+Description: "Version - v2.5.0: The Template should be deployed in Master account. This template setup the Lambda trigger for new account created using AWS Control Tower Account Factory process. The Lambda install the AWS Observability CF template on the regions of new AWS account using stack Sets. (MPCT-ibieokba)"
 
 Globals:
   Function:
@@ -212,7 +212,7 @@ Resources:
           from botocore.exceptions import ClientError
 
           name = 'SUMO-LOGIC-AWS-OBSERVABILITY'
-          templateURL = "https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.4.0/sumologic_observability.master.template.yaml"
+          templateURL = "https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.5.0/sumologic_observability.master.template.yaml"
           ALL = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
 
 
diff --git a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml
index 7379b9d6..ef1e316a 100755
--- a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml
+++ b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the DynamoDB app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the DynamoDB app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml
index 1921ed7a..94a917ab 100755
--- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml
+++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the EC2 Metrics app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the EC2 Metrics app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   AWS::CloudFormation::Interface:
diff --git a/aws-observability/apps/ecs/ecs_app.template.yaml b/aws-observability/apps/ecs/ecs_app.template.yaml
index a02c4a1f..b32dc9f1 100755
--- a/aws-observability/apps/ecs/ecs_app.template.yaml
+++ b/aws-observability/apps/ecs/ecs_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the ECS app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the ECS app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/elasticache/elasticache_app.template.yaml b/aws-observability/apps/elasticache/elasticache_app.template.yaml
index 8ef6ad3d..70589b0f 100755
--- a/aws-observability/apps/elasticache/elasticache_app.template.yaml
+++ b/aws-observability/apps/elasticache/elasticache_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the ElastiCache app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the ElastiCache app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml
index 133e556c..db8834d3 100755
--- a/aws-observability/apps/elb/elb_app.template.yaml
+++ b/aws-observability/apps/elb/elb_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the ELB classic app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the ELB classic app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml
index 404c3f3d..2270e04a 100644
--- a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml
+++ b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Description: "Version - v2.4.0: Lambda Function to add fields to host metrics sources based on the available instances in all regions of the current AWS account."
+Description: "Version - v2.5.0: Lambda Function to add fields to host metrics sources based on the available instances in all regions of the current AWS account."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/lambda/lambda_app.template.yaml b/aws-observability/apps/lambda/lambda_app.template.yaml
index d9ff4199..23a340b2 100755
--- a/aws-observability/apps/lambda/lambda_app.template.yaml
+++ b/aws-observability/apps/lambda/lambda_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the Lambda app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the Lambda app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/nlb/nlb_app.template.yaml b/aws-observability/apps/nlb/nlb_app.template.yaml
index 3eaf8611..3b362bc5 100755
--- a/aws-observability/apps/nlb/nlb_app.template.yaml
+++ b/aws-observability/apps/nlb/nlb_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the NLB app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the NLB app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml
index bacc2703..cc645b85 100644
--- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml
+++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Description: "Version - v2.4.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template."
+Description: "Version - v2.5.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template."
 Transform: 'AWS::Serverless-2016-10-31'
 
 Metadata:
diff --git a/aws-observability/apps/permissionchecker/permissioncheck.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.template.yaml
index f37dc28a..d1fa9028 100644
--- a/aws-observability/apps/permissionchecker/permissioncheck.template.yaml
+++ b/aws-observability/apps/permissionchecker/permissioncheck.template.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Description: "Version - v2.4.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template."
+Description: "Version - v2.5.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template."
 Transform: 'AWS::Serverless-2016-10-31'
 
 Metadata:
@@ -58,7 +58,7 @@ Mappings:
   CommonData:
     NestedTemplate:
       BucketName: "sumologic-appdev-aws-sam-apps"
-      Version: "v2.4.0"
+      Version: "v2.5.0"
 
 Resources:
 
diff --git a/aws-observability/apps/rds/rds_app.template.yaml b/aws-observability/apps/rds/rds_app.template.yaml
index 6874332b..03588769 100755
--- a/aws-observability/apps/rds/rds_app.template.yaml
+++ b/aws-observability/apps/rds/rds_app.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the RDS app with AWS and Sumo Logic resources for AWS Observability Solution."
+Description: "Version - v2.5.0: Template to setup the RDS app with AWS and Sumo Logic resources for AWS Observability Solution."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
index e5273391..0d0bc0a9 100755
--- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
+++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Transform: 'AWS::Serverless-2016-10-31'
-Description: "Version - v2.4.0: Template to setup the Sumo Logic AWS Inventory Source and Root Cause Explorer app."
+Description: "Version - v2.5.0: Template to setup the Sumo Logic AWS Inventory Source and Root Cause Explorer app."
 
 Metadata:
   'AWS::CloudFormation::Interface':
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml
index b203d910..6c9c1ea9 100755
--- a/aws-observability/templates/sumologic_observability.master.template.yaml
+++ b/aws-observability/templates/sumologic_observability.master.template.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Description: "Version - v2.4.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability"
+Description: "Version - v2.5.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability"
 
 Metadata:
   'AWS::CloudFormation::Interface':
@@ -461,7 +461,7 @@ Mappings:
   CommonData:
     NestedTemplate:
       BucketName: "sumologic-appdev-aws-sam-apps"
-      Version: "v2.4.0"
+      Version: "v2.5.0"
     CollectorDetails:
       SumoLogicAccountID: 926226587429
       CollectorNamePrefix: "aws-observability"

From 09ad5d7c0976e0bf143e213cfb5e96fd8872dcc7 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Fri, 10 Jun 2022 16:35:57 +0530
Subject: [PATCH 32/82] RCE Dashboard deprecation from CF

---
 .../rootcause/rootcauseexplorer.template.yaml | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
index 0d0bc0a9..bf889c43 100755
--- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
+++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
@@ -358,23 +358,23 @@ Resources:
       SumoAccessKey: !Ref Section1cSumoAccessKey
       SumoDeployment: !Ref Section1aSumoDeployment
 
-  sumoOverview:
-    Type: Custom::App
-    Condition: install_app
-    Properties:
-      ServiceToken: !Ref Section5aParentStackLambdaARN
-      Region: !Ref "AWS::Region"
-      AppName: "AWS Observability Overview App Tsat"
-      FolderName: !Sub "AWS Observability ${Section5cNestedTemplateVersion} "
-      RetainOldAppOnUpdate: true
-      RemoveOnDeleteStack: !Ref Section1eRemoveSumoResourcesOnDeleteStack
-      SumoAccessID: !Ref Section1bSumoAccessID
-      SumoAccessKey: !Ref Section1cSumoAccessKey
-      SumoDeployment: !Ref Section1aSumoDeployment
-      AppJsonS3Url: !Sub "https://${Section5bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section5cNestedTemplateVersion}/appjson/Rce-App.json"
-      location: !Ref Section6aAppInstallLocation
-      share: !Ref Section6bShare
-      orgid: !Ref Section1fOrgId
+  # sumoOverview:
+  #   Type: Custom::App
+  #   Condition: install_app
+  #   Properties:
+  #     ServiceToken: !Ref Section5aParentStackLambdaARN
+  #     Region: !Ref "AWS::Region"
+  #     AppName: "AWS Observability Overview App Tsat"
+  #     FolderName: !Sub "AWS Observability ${Section5cNestedTemplateVersion} "
+  #     RetainOldAppOnUpdate: true
+  #     RemoveOnDeleteStack: !Ref Section1eRemoveSumoResourcesOnDeleteStack
+  #     SumoAccessID: !Ref Section1bSumoAccessID
+  #     SumoAccessKey: !Ref Section1cSumoAccessKey
+  #     SumoDeployment: !Ref Section1aSumoDeployment
+  #     AppJsonS3Url: !Sub "https://${Section5bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section5cNestedTemplateVersion}/appjson/Rce-App.json"
+  #     location: !Ref Section6aAppInstallLocation
+  #     share: !Ref Section6bShare
+  #     orgid: !Ref Section1fOrgId
 
   CloudTrailDevOps:
     Type: Custom::App

From ae0bd48056f3aaa15952511a9c2e53f5dd569abd Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Mon, 13 Jun 2022 18:58:53 +0530
Subject: [PATCH 33/82] Fixed one query, optimized, applied consistent
 namespace filters, updated elasticache app dashboards. Minior update to
 dynamodb app desc.

---
 aws-observability/json/DynamoDb-App.json    |    2 +-
 aws-observability/json/ElastiCache-App.json | 1001 ++++++++++++++-----
 2 files changed, 735 insertions(+), 268 deletions(-)

diff --git a/aws-observability/json/DynamoDb-App.json b/aws-observability/json/DynamoDb-App.json
index d3ab795c..9294746f 100644
--- a/aws-observability/json/DynamoDb-App.json
+++ b/aws-observability/json/DynamoDb-App.json
@@ -1,7 +1,7 @@
 {
     "type": "FolderSyncDefinition",
     "name": "AWS DynamoDB",
-    "description": "The Sumo App for Amazon DynamoDB is using both logs and metrics to provide operational insights into your DynamoDB. The App includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB instances.",
+    "description": "The Sumo Logic App for Amazon DynamoDB is using both logs and metrics to provide operational insights into your DynamoDB. The App includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, latency, and help you plan the capacity of your DynamoDB instances.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
diff --git a/aws-observability/json/ElastiCache-App.json b/aws-observability/json/ElastiCache-App.json
index 79c72e22..156f5290 100644
--- a/aws-observability/json/ElastiCache-App.json
+++ b/aws-observability/json/ElastiCache-App.json
@@ -1,14 +1,13 @@
 {
     "type": "FolderSyncDefinition",
     "name": "Amazon ElastiCache",
-    "description": "Amazon ElastiCache allows you to set up, run, and scale popular open-source compatible in-memory data stores in the cloud. \n\nThe Amazon ElastiCache dashboards provide visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics. The dashboards also have additional performance insights for Redis clusters.",
+    "description": "The Sumo Logic App for Amazon ElastiCache allows you to set up, run, and scale popular open-source compatible in-memory data stores in the cloud. \n\nThe Amazon ElastiCache dashboards provide visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics. The dashboards also have additional performance insights for Redis clusters.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
             "name": "1. Amazon ElastiCache - Host Performance Details",
             "description": "The Amazon ElastiCache - Host Performance Details dashboard shows an overview of the resource utilization for a given ElastiCache cluster across its nodes and also showcases trends around CPU, memory, swap usage and network traffic.",
             "title": "1. Amazon ElastiCache - Host Performance Details",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -86,14 +85,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -110,14 +112,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -129,19 +134,22 @@
                     "id": null,
                     "key": "panelFE6ADF0195E64842",
                     "title": "Network Bytes In",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}} \"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheClusterId, account, region",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -158,14 +166,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -182,14 +193,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=FreeableMemory statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace | eval _value / (1024 * 1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -206,14 +220,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SwapUsage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace | eval _value / (1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -230,14 +247,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -254,14 +274,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -278,34 +301,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=FreeableMemory statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region | eval _value / (1024 * 1024 * 1024) ",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -327,7 +359,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -341,21 +374,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -369,7 +404,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -383,7 +419,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -393,7 +430,6 @@
             "name": "1. Amazon ElastiCache - Host Performance Overview",
             "description": "The Amazon ElastiCache - Host Performance Overview dashboard provides detailed insights into CPU, memory and network performance metrics of hosts running your ElastiCache clusters.",
             "title": "1. Amazon ElastiCache - Host Performance Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -503,14 +539,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / (1024 * 1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -527,14 +566,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -551,14 +593,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -575,14 +620,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -599,14 +647,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=FreeableMemory statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg | eval _value / (1024 * 1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -623,14 +674,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -647,14 +701,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SwapUsage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg | eval _value / (1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -671,14 +728,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / (1024 * 1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -695,14 +755,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / 1000000",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -719,14 +782,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / 1000000",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -738,39 +804,48 @@
                     "id": null,
                     "key": "panelPANE-DE9EBFD69FD53A46",
                     "title": "Bytes In - Today Vs Yesterday",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"Bytes In (Today)\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"},\"axisY2\":{\"title\":\"Bytes In (Yesterday)\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#A | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "((#A-#B)/#B)*100",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -782,39 +857,48 @@
                     "id": null,
                     "key": "panel4A4045BBA3228A4F",
                     "title": "Bytes Out - Today Vs Yesterday",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"Bytes Out (Today)\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"},\"axisY2\":{\"title\":\"Bytes Out (Yesterday)\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#A | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "((#A-#B)/#B)*100",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -826,39 +910,48 @@
                     "id": null,
                     "key": "panel608F10C3A9631A40",
                     "title": "Net Difference of In and Out (Packets) Network Traffic",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_metric=sum(NetworkPacketsIn)\":{\"visible\":true},\"B_metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true},\"C_A.metric=sum(NetworkPacketsIn) metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"PacketsIn\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"PacketsOut\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Net Difference\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Packets In, Out\"},\"axisY2\":{\"title\":\"Net Difference\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_metric=sum(NetworkPacketsIn)\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"PacketsIn\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"PacketsOut\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Net Difference\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#B - #A",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -870,39 +963,48 @@
                     "id": null,
                     "key": "panel622549C5B893994A",
                     "title": "Packets Out - Today Vs Yesterday",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"Packets Out (Today)\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"},\"axisY2\":{\"title\":\"Packets Out (Yesterday)\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#A | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "((#A-#B)/#B)*100",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -914,39 +1016,48 @@
                     "id": null,
                     "key": "panel0E86E8BAA74A8842",
                     "title": "Packets In - Today Vs Yesterday",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"Packets In (Today)\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"},\"axisY2\":{\"title\":\"Packets In (Yesterday)\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Percentage Change\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkPacketsIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#A | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "((#A-#B)/#B)*100",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -958,39 +1069,48 @@
                     "id": null,
                     "key": "panel8E23238D95CBF942",
                     "title": "Net Difference of In and Out (Bytes) Network Traffic",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{\"A_metric=sum(NetworkPacketsIn)\":{\"visible\":true},\"B_metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true},\"C_A.metric=sum(NetworkPacketsIn) metric=sum(NetworkPacketsIn) _timeshift=1d\":{\"visible\":true}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"BytesIn\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"BytesOut\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Net Difference\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes In, Out\"},\"axisY2\":{\"title\":\"Net Difference\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"BytesIn\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"BytesOut\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"axisYType\":\"secondary\",\"displayType\":\"smooth\",\"name\":\"Net Difference\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesIn Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | rate | sum",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NetworkBytesOut Statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#B - #A",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1007,14 +1127,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SwapUsage statistic=Maximum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | max by account, region, namespace, CacheClusterId, CacheNodeId | eval _value / (1024 * 1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1036,7 +1159,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1050,21 +1174,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1078,7 +1204,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1092,7 +1219,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1102,7 +1230,6 @@
             "name": "2. Amazon ElastiCache - Audit Event Overview",
             "description": "The Amazon ElastiCache - Audit Event Overview dashboard provides detailed insights into all events associated with ElastiCache clusters and specifically helps identify changes, errors, users and replication groups.",
             "title": "2. Amazon ElastiCache - Audit Event Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1193,14 +1320,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by eventStatus\n| sort by _count, eventStatus asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count by eventStatus\n| sort by _count, eventStatus asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1217,14 +1347,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by event_name\n| sort by _count, event_name asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count by event_name\n| sort by _count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1241,14 +1374,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1265,14 +1401,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1289,14 +1428,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by event_name\n| sort by _count, event_name asc",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count by event_name\n| sort by _count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1313,14 +1455,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count as Count by error_code | sort by Count, error_code asc | limit 10",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count as Count by error_code | sort by Count, error_code asc | limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1337,14 +1482,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, engine, engine_version\n| sort by _timeslice",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and !isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, engine, engine_version\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1361,14 +1509,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, engine, engine_version\n| sort by _timeslice",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and isEmpty(error_code)\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, engine, engine_version\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1385,14 +1536,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" replicationGroupId\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" \n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| where !isEmpty(replicationgroupid)\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| res_status as Status\n| count as Count by replicationgroupid | sort by Count, replicationgroupid asc | limit 10",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" replicationGroupId\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" \n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| where !isEmpty(replicationgroupid)\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| res_status as Status\n| count as Count by replicationgroupid | sort by Count, replicationgroupid asc | limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1409,14 +1563,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count as Count by type, user\n| sort by Count, type asc, user asc | limit 10",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count as Count by type, user\n| sort by Count, type asc, user asc | limit 10",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1433,14 +1590,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by user, event_name\n| transpose row user column event_name",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count by user, event_name\n| transpose row user column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1452,19 +1612,22 @@
                     "id": null,
                     "key": "panelB86F7C84926F1844",
                     "title": "Event Types",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| if (event_name matches \"*Describe*\" or event_name matches \"*List*\", \"ReadOnly\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"*List*\"), \"Update\", \"Unkown\")) as EventType\n| where EventType<>\"Unknown\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| count by EventType",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| if (event_name matches \"*Describe*\" or event_name matches \"*List*\", \"ReadOnly\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"*List*\"), \"Update\", \"Unkown\")) as EventType\n| where EventType<>\"Unknown\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| count by EventType",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1481,14 +1644,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\" as req_replicationGroupId, req_engine, req_engineVersion nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\" as res_replicationGroupId, res_engine, res_engineVersion, res_status nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| timeslice 1h\n| count by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\"\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| timeslice 1h\n| count by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1510,7 +1676,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1524,21 +1691,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1552,7 +1721,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1566,7 +1736,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1576,7 +1747,6 @@
             "name": "2. Amazon ElastiCache - Redis Performance Details",
             "description": "The Amazon ElastiCache - Redis Performance Details dashboard provides detailed insights into cache hits, keys, replication, connections and failures of Redis ElastiCache clusters.",
             "title": "2. Amazon ElastiCache - Redis Performance Details",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1678,14 +1848,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SaveInProgress statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1702,14 +1875,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheHits statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1726,14 +1902,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheMisses statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1750,14 +1929,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ActiveDefragHits statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1774,14 +1956,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ReplicationBytes statistic=average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1798,14 +1983,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MasterLinkHealthStatus statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": " Primary node sync status with Redis on EC2",
@@ -1822,14 +2010,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=Reclaimed statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1841,19 +2032,22 @@
                     "id": null,
                     "key": "panel531765FA95966846",
                     "title": "Keys Tracked by Redis",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Keys\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"aggregationType\":\"max\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Keys\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{CacheClusterId}}, {{CacheNodeId}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeysTracked statistic=Maximum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | max by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1870,14 +2064,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=DB0AverageTTL statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1894,14 +2091,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CurrConnections statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1918,14 +2118,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ReplicationLag statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1942,14 +2145,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=Evictions statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1966,14 +2172,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NewConnections statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1990,14 +2199,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CurrItems statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2014,14 +2226,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*Failures statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2043,7 +2258,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2057,21 +2273,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2085,7 +2303,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2099,7 +2318,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -2109,7 +2329,6 @@
             "name": "3. Amazon ElastiCache - Redis Command Latency",
             "description": "The Amazon ElastiCache - Redis Command Latency dashboard provides detailed insights into latency of various Redis commands.",
             "title": "3. Amazon ElastiCache - Redis Command Latency",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2263,14 +2482,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2287,14 +2509,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2311,14 +2536,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2335,14 +2563,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2359,14 +2590,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2383,14 +2617,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2407,14 +2644,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2431,14 +2671,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2455,14 +2698,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2479,14 +2725,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2503,14 +2752,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmdsLatency statistic=average CacheClusterId={{CacheClusterId}}  CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2527,14 +2779,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2551,14 +2806,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2575,14 +2833,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2599,14 +2860,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2623,14 +2887,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2647,14 +2914,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2671,14 +2941,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2695,14 +2968,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2719,14 +2995,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2743,14 +3022,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2767,14 +3049,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2791,14 +3076,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2815,14 +3103,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2839,14 +3130,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2863,14 +3157,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2887,14 +3184,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*CmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2911,14 +3211,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*CmdsLatency statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2940,7 +3243,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2954,21 +3258,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2982,7 +3288,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2996,7 +3303,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -3006,7 +3314,6 @@
             "name": "3. Amazon ElastiCache - Redis Performance Overview",
             "description": "The Amazon ElastiCache - Redis Performance Overview dashboard provides an overview into performance, evictions and authentication and authorization failures of ElastiCache Redis clusters.",
             "title": "3. Amazon ElastiCache - Redis Performance Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -3113,14 +3420,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CurrConnections statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3137,14 +3447,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3161,14 +3474,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=DatabaseMemoryUsagePercentage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3185,14 +3501,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ReplicationLag statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3209,14 +3528,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by CacheClusterId, CacheNodeId, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3233,14 +3555,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheHitRate statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg by account, region, namespace, CacheClusterId, CacheNodeId",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3257,14 +3582,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3281,14 +3609,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=AuthenticationFailures statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3305,14 +3636,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EngineCPUUtilization statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3329,14 +3663,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=DatabaseMemoryUsagePercentage statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3353,14 +3690,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CacheHitRate statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3377,14 +3717,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyAuthorizationFailures statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | Sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3401,14 +3744,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=Evictions statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3425,14 +3771,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=NewConnections statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3449,14 +3798,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=MemoryFragmentationRatio statistic=Average CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3473,14 +3825,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=BytesUsedForCache statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum | eval _value / (1024*1024*1024)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3497,14 +3852,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=CommandAuthorizationFailures statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3526,7 +3884,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3540,21 +3899,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3568,7 +3929,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3582,7 +3944,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -3592,7 +3955,6 @@
             "name": "4. Amazon ElastiCache - Audit Event Details",
             "description": "The Amazon ElastiCache - Audit Event Details dashboard provides detailed insights into key operations made on your ElastiCache clusters.",
             "title": "4. Amazon ElastiCache - Audit Event Details",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -3647,14 +4009,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Create* or CreateCacheCluster or CacheClusterProvisioningComplete or AddCacheNodeComplete or IncreaseReplicaCount)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Create*\" or event_name in (\"CreateCacheCluster\", \"CacheClusterProvisioningComplete\", \"AddCacheNodeComplete\", \"IncreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"cacheSubnetGroupName\", \"vpcId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, cachesubnetgroupname, vpcid, snapshotretentionlimit nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, cachesubnetgroupname, vpcid, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, cachesubnetgroupname, vpcid, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Create* or CreateCacheCluster or CacheClusterProvisioningComplete or AddCacheNodeComplete or IncreaseReplicaCount)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Create*\" or event_name in (\"CreateCacheCluster\", \"CacheClusterProvisioningComplete\", \"AddCacheNodeComplete\", \"IncreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"cacheSubnetGroupName\", \"vpcId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, cachesubnetgroupname, vpcid, snapshotretentionlimit nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, cachesubnetgroupname, vpcid, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, cachesubnetgroupname, vpcid, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3671,14 +4036,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Modify* or ModifyCacheCluster or CacheClusterParametersChanged or CacheClusterScalingComplete or CacheClusterSecurityGroupModified or IncreaseReplicaCount or DecreaseReplicaCount)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Modify*\" or event_name in (\"ModifyCacheCluster\", \"CacheClusterParametersChanged\", \"CacheClusterScalingComplete\", \"CacheClusterSecurityGroupModified\", \"IncreaseReplicaCount\", \"DecreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, snapshotretentionlimit nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Modify* or ModifyCacheCluster or CacheClusterParametersChanged or CacheClusterScalingComplete or CacheClusterSecurityGroupModified or IncreaseReplicaCount or DecreaseReplicaCount)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Modify*\" or event_name in (\"ModifyCacheCluster\", \"CacheClusterParametersChanged\", \"CacheClusterScalingComplete\", \"CacheClusterSecurityGroupModified\", \"IncreaseReplicaCount\", \"DecreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, snapshotretentionlimit nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3695,14 +4063,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Delete* or Remove* or Decrease* or RemoveCacheNodeComplete or DeleteCacheClusterComplete or DecreaseReplicaCount or Revoke* or Reset*)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Delete*\" or event_name matches \"Remove*\" or event_name matches \"Decrease*\" or event_name matches \"Revoke*\" or event_name matches \"Reset*\" or event_name in (\"RemoveCacheNodeComplete\", \"DeleteCacheClusterComplete\", \"DecreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, snapshotretentionlimit  nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid //, engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid //, engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Delete* or Remove* or Decrease* or RemoveCacheNodeComplete or DeleteCacheClusterComplete or DecreaseReplicaCount or Revoke* or Reset*)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Delete*\" or event_name matches \"Remove*\" or event_name matches \"Decrease*\" or event_name matches \"Revoke*\" or event_name matches \"Reset*\" or event_name in (\"RemoveCacheNodeComplete\", \"DeleteCacheClusterComplete\", \"DecreaseReplicaCount\"))\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, snapshotretentionlimit  nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| res_status as Status\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid //, engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid //, engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3719,14 +4090,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Reboot* or CacheNodesRebooted)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Reboot*\" or event_name=\"CacheNodesRebooted\")\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"res_cacheClusterStatus\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, res_cacheClusterStatus, snapshotretentionlimit  nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| eventStatus as status\n| where tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" (Reboot* or CacheNodesRebooted)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"elasticache.amazonaws.com\" and (event_name matches \"Reboot*\" or event_name=\"CacheNodesRebooted\")\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| json field=requestParameters \"replicationGroupId\", \"engine\", \"engineVersion\", \"cacheClusterId\" as req_replicationGroupId, req_engine, req_engineVersion, req_cacheClusterId nodrop\n| json field=responseElements \"replicationGroupId\", \"engine\", \"engineVersion\", \"status\", \"cacheClusterId\", \"res_cacheClusterStatus\", \"snapshotRetentionLimit\" as res_replicationGroupId, res_engine, res_engineVersion, res_status, res_cacheClusterId, res_cacheClusterStatus, snapshotretentionlimit  nodrop\n| json field=responseElements \"autoMinorVersionUpgrade\", \"cacheNodeType\", \"numCacheNodes\" as auto_minorversion_upgrade, cachenodetype, numcachenodes nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_replicationGroupId), res_replicationGroupId, req_replicationGroupId) as replicationgroupid\n| if (isEmpty(req_engine), res_engine, req_engine) as engine\n| if (isEmpty(req_engineVersion), res_engineVersion, req_engineVersion) as engine_version\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| eventStatus as status\n| where (tolowercase(cacheclusterid) matches tolowercase(\"{{CacheClusterId}}\")) or IsBlank(cacheclusterid)\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes\n| fields _timeslice, event_name, src_ip, user, type, request_id, user_agent, cacheclusterid, replicationgroupid // , engine, engine_version, snapshotretentionlimit, status, auto_minorversion_upgrade, cachenodetype, numcachenodes, Count\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3748,7 +4122,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3762,21 +4137,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3790,7 +4167,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -3804,7 +4182,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -3814,7 +4193,6 @@
             "name": "4. Amazon ElastiCache - Redis Command Stats",
             "description": "The Amazon ElastiCache - Redis Command Stats dashboard provides detailed insights into the number of commands being performed.",
             "title": "4. Amazon ElastiCache - Redis Command Stats",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -3968,14 +4346,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -3992,14 +4373,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4016,14 +4400,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4040,14 +4427,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4064,14 +4454,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4088,14 +4481,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4112,14 +4508,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4136,14 +4535,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4160,14 +4562,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4184,14 +4589,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4208,14 +4616,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4232,14 +4643,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmds statistic=Sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4256,14 +4670,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4280,14 +4697,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=EvalBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4304,14 +4724,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HashBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4328,14 +4751,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GetTypeCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4352,14 +4778,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetTypeCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4376,14 +4805,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=KeyBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4400,14 +4832,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StringBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4424,14 +4859,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=PubSubBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4448,14 +4886,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4472,14 +4913,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SortedSetBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4496,14 +4940,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=GeoSpatialBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4520,14 +4967,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=HyperLogLogBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4544,14 +4994,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=ListBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4568,14 +5021,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=StreamBasedCmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4592,14 +5048,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*Cmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4616,14 +5075,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=*Cmds statistic=sum CacheClusterId={{CacheClusterId}} CacheNodeId={{CacheNodeId}} | sum by CacheClusterId, CacheNodeId, account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -4645,7 +5107,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4659,21 +5122,23 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/elasticache",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/elasticache",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4687,7 +5152,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -4701,7 +5167,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []

From b5fc1a111d49589ce94f8ba3578e278007155173 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Tue, 14 Jun 2022 21:00:05 +0530
Subject: [PATCH 34/82] removed extra parameters and renamed

---
 .../rootcause/rootcauseexplorer.template.yaml | 67 +++++--------------
 ...mologic_observability.master.template.yaml | 10 ++-
 2 files changed, 20 insertions(+), 57 deletions(-)

diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
index bf889c43..9abd7135 100755
--- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
+++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml
@@ -19,10 +19,9 @@ Metadata:
           default: "App Details - Sumo Logic Collector Configuration"
         Parameters:
           - Section2aInstallApp
-          - Section2bCollectorName
-          - Section2cSumoLogicAccountID
-          - Section2dAccountAlias
-          - Section2eAccountAliasMappingS3URL
+          - Section2bSumoLogicAccountID
+          - Section2cAccountAlias
+          - Section2dAccountAliasMappingS3URL
 
       - Label:
           default: "AWS Inventory Source Details"
@@ -43,8 +42,7 @@ Metadata:
           default: "Local Parameters. Do Not Edit the values."
         Parameters:
           - Section5aParentStackLambdaARN
-          - Section5bTemplatesBucketName
-          - Section5cNestedTemplateVersion
+          - Section5bNestedTemplateVersion
 
       - Label:
           default: "App Installation and sharing"
@@ -68,13 +66,11 @@ Metadata:
 
       Section2aInstallApp:
         default: "Create AWS Root Cause Explorer App"
-      Section2bCollectorName:
-        default: "Collector Name"
-      Section2cSumoLogicAccountID:
+      Section2bSumoLogicAccountID:
         default: "Sumo Logic Account ID"
-      Section2dAccountAlias:
+      Section2cAccountAlias:
         default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts."
-      Section2eAccountAliasMappingS3URL:
+      Section2dAccountAliasMappingS3URL:
         default: "S3 URL of a CSV file that maps AWS Account IDs to an Account Alias"
 
       Section3aCreateAwsInventorySource:
@@ -95,9 +91,7 @@ Metadata:
 
       Section5aParentStackLambdaARN:
         default: "If Any, Lambda ARN from parent Stack"
-      Section5bTemplatesBucketName:
-        default: "Nested Templates Bucket Name"
-      Section5cNestedTemplateVersion:
+      Section5bNestedTemplateVersion:
         default: "Nested Templates Version"
 
       Section6aAppInstallLocation:
@@ -148,24 +142,19 @@ Parameters:
     AllowedValues:
       - 'Yes'
       - 'No'
-
-  Section2bCollectorName:
-    Type: String
-    Description: "Change the collector name to be created else default name will be used."
-    Default: ""
-  Section2cSumoLogicAccountID:
+  Section2bSumoLogicAccountID:
     Type: String
     Description: "Provide the Sumo Logic Account ID for trust relationship."
     Default: ""
 
-  Section2dAccountAlias:
+  Section2cAccountAlias:
     Type: String
     Description: "Provide an Alias for AWS account for identification in Sumo Logic Explorer View, metrics and logs. Please do not include special characters."
     AllowedPattern: "[a-z0-9]*"
     ConstraintDescription: "Alias must only contain lowercase letters, number and length less than or equal to 30 characters."
     MaxLength: 30
 
-  Section2eAccountAliasMappingS3URL:
+  Section2dAccountAliasMappingS3URL:
     Type: String
     Description: "Required only if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts."
     Default: ""
@@ -210,11 +199,7 @@ Parameters:
     Type: String
     Default: "ParentStackLambdaARN"
     Description: Parent Stack Lambda ARN. Do Not Edit the value.
-  Section5bTemplatesBucketName:
-    Type: String
-    AllowedPattern: ".+"
-    Description: Bucket Name for all the nested templates.
-  Section5cNestedTemplateVersion:
+  Section5bNestedTemplateVersion:
     Type: String
     Description: "Provide the version for the nested templates. Default is the latest version."
     AllowedPattern: ".+"
@@ -248,8 +233,6 @@ Conditions:
     - !Condition install_inventory_source
     - !Condition install_xray_source
 
-  # Collector Name Check
-  # collector_name_available: !Not [!Equals [ !Ref Section2bCollectorName, ''] ]
 
 Mappings:
   # Bucket names where the Lambda Zip and Nested Templates are kept. Buckets are present in region, with region as suffix.
@@ -352,30 +335,12 @@ Resources:
       ServiceToken: !GetAtt LambdaHelper.Arn
       Region: !Ref "AWS::Region"
       AccountID: !Ref "AWS::AccountId"
-      AccountAlias: !Ref Section2dAccountAlias
-      AccountAliasMappingS3Url: !Ref Section2eAccountAliasMappingS3URL
+      AccountAlias: !Ref Section2cAccountAlias
+      AccountAliasMappingS3Url: !Ref Section2dAccountAliasMappingS3URL
       SumoAccessID: !Ref Section1bSumoAccessID
       SumoAccessKey: !Ref Section1cSumoAccessKey
       SumoDeployment: !Ref Section1aSumoDeployment
 
-  # sumoOverview:
-  #   Type: Custom::App
-  #   Condition: install_app
-  #   Properties:
-  #     ServiceToken: !Ref Section5aParentStackLambdaARN
-  #     Region: !Ref "AWS::Region"
-  #     AppName: "AWS Observability Overview App Tsat"
-  #     FolderName: !Sub "AWS Observability ${Section5cNestedTemplateVersion} "
-  #     RetainOldAppOnUpdate: true
-  #     RemoveOnDeleteStack: !Ref Section1eRemoveSumoResourcesOnDeleteStack
-  #     SumoAccessID: !Ref Section1bSumoAccessID
-  #     SumoAccessKey: !Ref Section1cSumoAccessKey
-  #     SumoDeployment: !Ref Section1aSumoDeployment
-  #     AppJsonS3Url: !Sub "https://${Section5bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section5cNestedTemplateVersion}/appjson/Rce-App.json"
-  #     location: !Ref Section6aAppInstallLocation
-  #     share: !Ref Section6bShare
-  #     orgid: !Ref Section1fOrgId
-
   CloudTrailDevOps:
     Type: Custom::App
     Condition: install_app
@@ -386,7 +351,7 @@ Resources:
       AppId: "c7e195de-f169-460a-8e8b-7bb23af0ee5e"
       AppSources:
         CloudTrailLogSrc: "account=* eventSource"
-      FolderName: !Sub "AWS Observability ${Section5cNestedTemplateVersion} "
+      FolderName: !Sub "AWS Observability ${Section5bNestedTemplateVersion} "
       RetainOldAppOnUpdate: true
       RemoveOnDeleteStack: !Ref Section1eRemoveSumoResourcesOnDeleteStack
       SumoAccessID: !Ref Section1bSumoAccessID
@@ -426,7 +391,7 @@ Resources:
         Statement:
           - Effect: Allow
             Principal:
-              AWS: !Sub "arn:aws:iam::${Section2cSumoLogicAccountID}:root"
+              AWS: !Sub "arn:aws:iam::${Section2bSumoLogicAccountID}:root"
             Action: sts:AssumeRole
             Condition:
               StringEquals:
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml
index 6c9c1ea9..771c862c 100755
--- a/aws-observability/templates/sumologic_observability.master.template.yaml
+++ b/aws-observability/templates/sumologic_observability.master.template.yaml
@@ -715,10 +715,9 @@ Resources:
         Section1dSumoOrganizationId: !Ref Section1dSumoLogicOrganizationId
         Section1eRemoveSumoResourcesOnDeleteStack: !Ref Section1eSumoLogicResourceRemoveOnDeleteStack
         Section2aInstallApp: !If [install_overview_dashboards, !GetAtt CreateCommonResources.Outputs.EnterpriseCheck, "No"]
-        Section2bCollectorName: ''
-        Section2cSumoLogicAccountID: !FindInMap [CommonData, CollectorDetails, SumoLogicAccountID]
-        Section2dAccountAlias: !Ref Section2aAccountAlias
-        Section2eAccountAliasMappingS3URL: !Ref Section2bAccountAliasMappingS3URL
+        Section2bSumoLogicAccountID: !FindInMap [CommonData, CollectorDetails, SumoLogicAccountID]
+        Section2cAccountAlias: !Ref Section2aAccountAlias
+        Section2dAccountAliasMappingS3URL: !Ref Section2bAccountAliasMappingS3URL
         Section3aCreateAwsInventorySource: !If [install_inventory_source, !GetAtt CreateCommonResources.Outputs.EnterpriseCheck, "No"]
         Section3bAwsInventorySourceName: !Sub "inventory-${AWS::Region}"
         Section3cNamespaces: !GetAtt CreateCommonResources.Outputs.Namespaces
@@ -727,8 +726,7 @@ Resources:
         Section4bAwsXRaySourceName: !Sub "xray-${AWS::Region}"
         Section4cXraySourceCategory: !FindInMap [CommonData, CollectorDetails, XraySourceCategory]
         Section5aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN
-        Section5bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName]
-        Section5cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version]
+        Section5bNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version]
         Section6aAppInstallLocation: !Ref Section10aAppInstallLocation
         Section6bShare: !Ref Section10bShare
         Section1fOrgId: !Ref Section1dSumoLogicOrganizationId

From 99b8a53edb2119c6967577a5eb71b2fda41bbb65 Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Wed, 15 Jun 2022 10:18:10 +0530
Subject: [PATCH 35/82] Updated description for Amazon Elasticache app.

---
 aws-observability/json/ElastiCache-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/ElastiCache-App.json b/aws-observability/json/ElastiCache-App.json
index 156f5290..9ca25704 100644
--- a/aws-observability/json/ElastiCache-App.json
+++ b/aws-observability/json/ElastiCache-App.json
@@ -1,7 +1,7 @@
 {
     "type": "FolderSyncDefinition",
     "name": "Amazon ElastiCache",
-    "description": "The Sumo Logic App for Amazon ElastiCache allows you to set up, run, and scale popular open-source compatible in-memory data stores in the cloud. \n\nThe Amazon ElastiCache dashboards provide visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics. The dashboards also have additional performance insights for Redis clusters.",
+    "description": "The Sumo Logic app for Amazon ElastiCache provides visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics. The dashboards also have additional performance insights for Redis clusters.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",

From 499e661f59e36135d2cb1d689af5195bf7b8c36c Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Wed, 15 Jun 2022 10:25:07 +0530
Subject: [PATCH 36/82] Minor update to one dashboard description of Amazon
 ElastiCache app

---
 aws-observability/json/ElastiCache-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/ElastiCache-App.json b/aws-observability/json/ElastiCache-App.json
index 9ca25704..50243d65 100644
--- a/aws-observability/json/ElastiCache-App.json
+++ b/aws-observability/json/ElastiCache-App.json
@@ -3312,7 +3312,7 @@
         {
             "type": "DashboardV2SyncDefinition",
             "name": "3. Amazon ElastiCache - Redis Performance Overview",
-            "description": "The Amazon ElastiCache - Redis Performance Overview dashboard provides an overview into performance, evictions and authentication and authorization failures of ElastiCache Redis clusters.",
+            "description": "The Amazon ElastiCache - Redis Performance Overview dashboard provides an overview into performance, evictions, authentication and authorization failures of ElastiCache Redis clusters.",
             "title": "3. Amazon ElastiCache - Redis Performance Overview",
             "theme": "Light",
             "topologyLabelMap": {

From da64886e00618e4daa95bc7482ea73ae7c8809ff Mon Sep 17 00:00:00 2001
From: Nitin Pande <npande@sumologic.com>
Date: Wed, 15 Jun 2022 16:24:11 +0530
Subject: [PATCH 37/82] Updated EC2 dashboards - mostly look and feel.

---
 .../json/EC2-CW-Metrics-App.json              | 174 +++++-----
 aws-observability/json/EC2-Metrics-App.json   | 312 +++++++++---------
 2 files changed, 243 insertions(+), 243 deletions(-)

diff --git a/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability/json/EC2-CW-Metrics-App.json
index 74e22dfb..14664d19 100644
--- a/aws-observability/json/EC2-CW-Metrics-App.json
+++ b/aws-observability/json/EC2-CW-Metrics-App.json
@@ -212,7 +212,7 @@
                     "id": null,
                     "key": "panelPANE-B26E4DA1A965A945",
                     "title": "Disk Read Bytes per Instance Type - Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -227,7 +227,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -238,8 +238,8 @@
                 {
                     "id": null,
                     "key": "panelC4B249E5912CB94F",
-                    "title": "Disk Write Bytes per Instance Type - Tred",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "title": "Disk Write Bytes per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -254,7 +254,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -320,7 +320,7 @@
                     "id": null,
                     "key": "panelE18A48F4BDD8A845",
                     "title": "Network In (Bytes) per Instance Type - Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -335,7 +335,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -347,7 +347,7 @@
                     "id": null,
                     "key": "panel4AF9CB5BBF1B2B41",
                     "title": "Network Out (Bytes) per Instance Type - Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -362,7 +362,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -509,7 +509,7 @@
                     "id": null,
                     "key": "panelPANE-08FF463080A39847",
                     "title": "Network per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -518,7 +518,7 @@
                     "id": null,
                     "key": "panel4EC8EE6AB0E55B4C",
                     "title": "Instance Disk Store per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -527,13 +527,13 @@
                     "id": null,
                     "key": "panel297BE38F9ED6C84A",
                     "title": "EBS Read Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region, namespace",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -542,7 +542,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -554,7 +554,7 @@
                     "id": null,
                     "key": "panelB8F8261D9EFA8A4A",
                     "title": "EBS Write Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -569,7 +569,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -596,7 +596,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -797,7 +797,7 @@
                     "id": null,
                     "key": "panelE0D443CB96023840",
                     "title": "Network In (Bytes) by Instance Type",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -812,7 +812,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -824,7 +824,7 @@
                     "id": null,
                     "key": "panelE5F107D5AEFF6B45",
                     "title": "Network Out (Bytes) by Instance Type",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -839,7 +839,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -851,7 +851,7 @@
                     "id": null,
                     "key": "panel0B5FD12FA18F1B42",
                     "title": "Disk Read Bytes by Instance Type",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -866,7 +866,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -878,7 +878,7 @@
                     "id": null,
                     "key": "panelE9A3087B8434B84E",
                     "title": "Disk Write Bytes by Instance Type",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\"}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -893,7 +893,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -905,7 +905,7 @@
                     "id": null,
                     "key": "panelDF0ABE6C925FDB40",
                     "title": "CPU Utilization per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -1022,10 +1022,10 @@
                     "id": null,
                     "key": "panelPANE-933546D1AEA64B4B",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 },
                 {
                     "id": null,
@@ -1334,7 +1334,7 @@
                     "id": null,
                     "key": "panelPANE-B26E4DA1A965A945",
                     "title": "Disk Read Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1349,7 +1349,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1361,7 +1361,7 @@
                     "id": null,
                     "key": "panelC4B249E5912CB94F",
                     "title": "Disk Write Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1376,7 +1376,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1442,7 +1442,7 @@
                     "id": null,
                     "key": "panelE18A48F4BDD8A845",
                     "title": "Network In (Bytes)",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1457,7 +1457,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1469,7 +1469,7 @@
                     "id": null,
                     "key": "panel4AF9CB5BBF1B2B41",
                     "title": "Network Out (Bytes)",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1484,7 +1484,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1685,7 +1685,7 @@
                     "id": null,
                     "key": "panelPANE-D0BB869785134841",
                     "title": "Instance Disk Store",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -1694,7 +1694,7 @@
                     "id": null,
                     "key": "panelPANE-FEB8135A9882C944",
                     "title": "Network",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -1703,7 +1703,7 @@
                     "id": null,
                     "key": "panelPANE-E3E100D38FD11943",
                     "title": "EBS Read Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1718,7 +1718,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1730,7 +1730,7 @@
                     "id": null,
                     "key": "panelC0673D08917CA840",
                     "title": "EBS Write Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1745,7 +1745,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1811,7 +1811,7 @@
                     "id": null,
                     "key": "panel4464C0CCB5FECA41",
                     "title": "EBS",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -2062,10 +2062,10 @@
                     "id": null,
                     "key": "panelPANE-05EE1E8FB23C084B",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 }
             ],
             "variables": [
@@ -2325,7 +2325,7 @@
                     "id": null,
                     "key": "panelPANE-918CA9B3A4DBD842",
                     "title": "CPU Utilization",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "* CPUUtilization: The percentage of allocated EC2 compute units that are currently in use on the instance.\n* DedicatedHostCPUUtilization: The percentage of allocated compute capacity that is currently in use by the instances running on the T3 Dedicated Host."
@@ -2334,7 +2334,7 @@
                     "id": null,
                     "key": "panel32656D81BBA34B41",
                     "title": "CPU Credits - For Burstable Performance Instances",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "* The EC2 burstable instances consist of T4g, T3a and T3 instance types, and the previous generation T2 instance types. \n* For details on these T instances refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html\n* For CPU Credit metrics refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#cpu-credit-metrics"
@@ -2397,7 +2397,7 @@
                     "id": null,
                     "key": "panelD897B984B24EEB41",
                     "title": "CPU Surplus Credits (Charged, Balance)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -2406,7 +2406,7 @@
                     "id": null,
                     "key": "panel4208674EAEFC8A4E",
                     "title": "CPU Credits (Usage, Balance) ",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -2415,10 +2415,10 @@
                     "id": null,
                     "key": "panelPANE-4AFBCF8DA8530A4E",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 }
             ],
             "variables": [
@@ -2601,7 +2601,7 @@
                     "id": null,
                     "key": "panelPANE-B26E4DA1A965A945",
                     "title": "EBS Read Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2616,7 +2616,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2817,7 +2817,7 @@
                     "id": null,
                     "key": "panel4CDAC73BB3610B44",
                     "title": "EBS Write Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2832,7 +2832,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2844,16 +2844,16 @@
                     "id": null,
                     "key": "panelPANE-04CA3839903A594C",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 },
                 {
                     "id": null,
                     "key": "panelPANE-ABB12B7EBD0C7842",
                     "title": "Amazon EBS metrics for Nitro-based instances",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "* **EBSReadOps, EBSWriteOps**: Completed read, write operations from all Amazon EBS volumes attached to the instance in a specified period of time.\n* **EBSReadBytes, EBSWriteBytes**: Bytes read, write from all EBS volumes attached to the instance in a specified period of time.\n* **EBSIOBalance%**: Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.\n* **EBSByteBalance%**: Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.\n\n"
@@ -3008,7 +3008,7 @@
                     "id": null,
                     "key": "panelPANE-B26E4DA1A965A945",
                     "title": "Disk Read Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3023,7 +3023,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3035,7 +3035,7 @@
                     "id": null,
                     "key": "panelC4B249E5912CB94F",
                     "title": "Disk Write Bytes",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3170,7 +3170,7 @@
                     "id": null,
                     "key": "panelPANE-918CA9B3A4DBD842",
                     "title": "Instance Store - Disk (Bytes)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3179,7 +3179,7 @@
                     "id": null,
                     "key": "panel32656D81BBA34B41",
                     "title": "Instance Store - Disk (Operations)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3242,10 +3242,10 @@
                     "id": null,
                     "key": "panelPANE-98034B8AAFD8AB4B",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 }
             ],
             "variables": [
@@ -3397,7 +3397,7 @@
                     "id": null,
                     "key": "panelE18A48F4BDD8A845",
                     "title": "Network Bytes In",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3412,7 +3412,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3424,7 +3424,7 @@
                     "id": null,
                     "key": "panel4AF9CB5BBF1B2B41",
                     "title": "Network Bytes Out",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3439,7 +3439,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3559,7 +3559,7 @@
                     "id": null,
                     "key": "panelPANE-0AEEAEAAB56CD841",
                     "title": "Network (Bytes)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3568,7 +3568,7 @@
                     "id": null,
                     "key": "panelFED57949B8A0DA4F",
                     "title": "Network (Packets)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3631,10 +3631,10 @@
                     "id": null,
                     "key": "panelPANE-B074BD5EA7326A45",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 }
             ],
             "variables": [
@@ -3737,43 +3737,43 @@
                 "layoutStructures": [
                     {
                         "key": "panelPANE-B26E4DA1A965A945",
-                        "structure": "{\"height\":8,\"width\":8,\"x\":8,\"y\":12}"
+                        "structure": "{\"height\":8,\"width\":8,\"x\":8,\"y\":11}"
                     },
                     {
                         "key": "panelC4B249E5912CB94F",
-                        "structure": "{\"height\":8,\"width\":8,\"x\":16,\"y\":12}"
+                        "structure": "{\"height\":8,\"width\":8,\"x\":16,\"y\":11}"
                     },
                     {
                         "key": "panel1D3AFBF59EA93A4A",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":7}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":6}"
                     },
                     {
                         "key": "panelCE45E0C9A48CC840",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":7}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":6}"
                     },
                     {
                         "key": "panel1F5FFC3E8F012849",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":7}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":6}"
                     },
                     {
                         "key": "panel659291A58A5D3845",
-                        "structure": "{\"height\":8,\"width\":8,\"x\":0,\"y\":12}"
+                        "structure": "{\"height\":8,\"width\":8,\"x\":0,\"y\":11}"
                     },
                     {
                         "key": "panelPANE-CFEE196EBE8B3A47",
-                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":4,\"width\":24,\"x\":0,\"y\":2}"
                     },
                     {
                         "key": "panelAEE4F5C3A2E0A840",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":7}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":6}"
                     },
                     {
                         "key": "panel428AE851BBEFCA4F",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":7}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":6}"
                     },
                     {
                         "key": "panel5B78F6CDB323DB47",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":7}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":6}"
                     },
                     {
                         "key": "panelPANE-93ECF7FDA914084E",
@@ -3987,10 +3987,10 @@
                     "id": null,
                     "key": "panelPANE-CFEE196EBE8B3A47",
                     "title": "Status Check",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "* **StatusCheckFailed**: Reports whether the instance has passed both the instance status check and the system status check in the last minute.\n* **StatusCheckFailed_Instance**: Reports whether the instance has passed the instance status check in the last minute.\n* **StatusCheckFailed_System**: Reports whether the instance has passed the system status check in the last minute.\n\nThis status check metric value can be either 0 (passed) or 1 (failed).\n\n"
+                    "text": "* **StatusCheckFailed**: Reports whether the instance has passed both the instance status check and the system status check in the last minute.\n* **StatusCheckFailed_Instance**: Reports whether the instance has passed the instance status check in the last minute.\n* **StatusCheckFailed_System**: Reports whether the instance has passed the system status check in the last minute.\n\nThis status check metric value can be either 0 (passed) or 1 (failed)."
                 },
                 {
                     "id": null,
@@ -4077,10 +4077,10 @@
                     "id": null,
                     "key": "panelPANE-93ECF7FDA914084E",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Cloud Watch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
                 }
             ],
             "variables": [
diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index 0e428b6a..b368e607 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -39,87 +39,87 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-b03ffbbdb0b59b4d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":27}"
                     },
                     {
                         "key": "panelpane-73159cd48a30e84d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":27}"
                     },
                     {
                         "key": "panelpane-7c0398e384ef0b4b",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":32}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":33}"
                     },
                     {
                         "key": "panelpane-2a01fd42b58b994e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":32}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":33}"
                     },
                     {
                         "key": "panelpane-21f9df3286d4d843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":38}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":39}"
                     },
                     {
                         "key": "panelpane-b0342f51a88b2a47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":38}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":39}"
                     },
                     {
                         "key": "panelpane-2f4529faa0fcc94e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":44}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":45}"
                     },
                     {
                         "key": "panelpane-909c4962a7e08843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":44}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":45}"
                     },
                     {
                         "key": "panelpane-33b218968b91a845",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":15}"
                     },
                     {
                         "key": "panelpane-481cfaaf957d7842",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":15}"
                     },
                     {
                         "key": "panelpane-d3677624bfee3b41",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":21}"
                     },
                     {
                         "key": "panelpane-cea7ffdeb458fb4e",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":21}"
                     },
                     {
                         "key": "panelpane-33ac098a81186b4e",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":15}"
                     },
                     {
                         "key": "panelpane-9d0a24618eef0a4e",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":21}"
                     },
                     {
                         "key": "panelpane-1e29da5dbd267a45",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panelPANE-2061037A94244A4B",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelPANE-DE8ED3CB8CEBF849",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
                     },
                     {
                         "key": "panel2F40FE32B1ED8A48",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
                     },
                     {
                         "key": "panel092B86A6AF75C942",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
                     },
                     {
                         "key": "panelE292F5CA9886CA4E",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":21}"
                     },
                     {
                         "key": "panelPANE-669661608BAAEB4B",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -208,7 +208,7 @@
                     "id": null,
                     "key": "panelpane-7c0398e384ef0b4b",
                     "title": "Total Free System Memory per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Free Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Free Memory\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -221,9 +221,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -235,7 +235,7 @@
                     "id": null,
                     "key": "panelpane-2a01fd42b58b994e",
                     "title": "Total Used, Less Buffers and Cached Memory per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Used Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Used Memory\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -248,9 +248,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -262,7 +262,7 @@
                     "id": null,
                     "key": "panelpane-21f9df3286d4d843",
                     "title": "Disk Used Bytes per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Disk Used Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Disk Used Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -275,9 +275,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -289,7 +289,7 @@
                     "id": null,
                     "key": "panelpane-b0342f51a88b2a47",
                     "title": "Disk Available Bytes per Instance Type",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Disk Available Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Disk Available Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{InstanceType}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -302,9 +302,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -694,10 +694,10 @@
                     "id": null,
                     "key": "panelPANE-669661608BAAEB4B",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -800,63 +800,63 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-b03ffbbdb0b59b4d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
                     },
                     {
                         "key": "panelpane-73159cd48a30e84d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
                     },
                     {
                         "key": "panelpane-7c0398e384ef0b4b",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
                     },
                     {
                         "key": "panelpane-2a01fd42b58b994e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
                     },
                     {
                         "key": "panelpane-21f9df3286d4d843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":19}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
                     },
                     {
                         "key": "panelpane-b0342f51a88b2a47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
                     },
                     {
                         "key": "panelpane-909c4962a7e08843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}"
                     },
                     {
                         "key": "panelpane-481cfaaf957d7842",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":2}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":3}"
                     },
                     {
                         "key": "panelpane-d3677624bfee3b41",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":2}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":3}"
                     },
                     {
                         "key": "panelpane-cea7ffdeb458fb4e",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":2}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":3}"
                     },
                     {
                         "key": "panelpane-33ac098a81186b4e",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":2}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":3}"
                     },
                     {
                         "key": "panelpane-9d0a24618eef0a4e",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":2}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":3}"
                     },
                     {
                         "key": "panel92B3F2A48B5DCA4F",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}"
                     },
                     {
                         "key": "panelPANE-60B5D586941BE849",
-                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelPANE-8F83BD319926A843",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -945,7 +945,7 @@
                     "id": null,
                     "key": "panelpane-7c0398e384ef0b4b",
                     "title": "Total Free System Memory",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Free Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Free Memory\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -958,9 +958,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -972,7 +972,7 @@
                     "id": null,
                     "key": "panelpane-2a01fd42b58b994e",
                     "title": "Total Used, Less Buffers and Cached Memory",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Used Memory\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Used Memory\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -985,9 +985,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -999,7 +999,7 @@
                     "id": null,
                     "key": "panelpane-21f9df3286d4d843",
                     "title": "Disk Used Bytes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Disk Used Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"instanceid={{instanceid}} dirname={{dirname}} devname={{devname}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Disk Used Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"instanceid={{instanceid}} dirname={{dirname}} devname={{devname}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1012,9 +1012,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1026,7 +1026,7 @@
                     "id": null,
                     "key": "panelpane-b0342f51a88b2a47",
                     "title": "Disk Available Bytes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Disk Available Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"instanceid={{instanceid}} dirname={{dirname}} devname={{devname}}\"}}],\"color\":{\"family\":\"scheme7\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Disk Available Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"instanceid={{instanceid}} dirname={{dirname}} devname={{devname}}\"}}],\"color\":{\"family\":\"scheme7\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1039,9 +1039,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1269,10 +1269,10 @@
                     "id": null,
                     "key": "panelPANE-8F83BD319926A843",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -1881,7 +1881,7 @@
                     "id": null,
                     "key": "panelPANE-4022F95385542A46",
                     "title": "Successful Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"fontSize\":16,\"showTitle\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "Successful Events"
@@ -1890,7 +1890,7 @@
                     "id": null,
                     "key": "panelD9E5828D86D12941",
                     "title": "Failure Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false,\"fontSize\":16},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "Failure Events"
@@ -1981,39 +1981,39 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-b8fdf6e2b8c1d843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelpane-faa47ec2a6e5d947",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
                     },
                     {
                         "key": "panelpane-c59320268cdb7a49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
                     },
                     {
                         "key": "panelpane-88f4336192c38b49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
                     },
                     {
                         "key": "panelpane-373635dab1b6b944",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
                     },
                     {
                         "key": "panelpane-1902994c9e385941",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
                     },
                     {
                         "key": "panelpane-29ddbf5e98aa884e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
                     },
                     {
                         "key": "panelPANE-DF143E118916F949",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panelPANE-81DC18F39F979843",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -2238,10 +2238,10 @@
                     "id": null,
                     "key": "panelPANE-81DC18F39F979843",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -2344,31 +2344,31 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-efa308ec98ca9a47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelpane-51fa4586b262ea45",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
                     },
                     {
                         "key": "panelpane-f40f828787debb4b",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
                     },
                     {
                         "key": "panelpane-f77ed3b9a7469a41",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
                     },
                     {
                         "key": "panelpane-14a8edc8a9082a44",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panelpane-fd78c765b827f940",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
                     },
                     {
                         "key": "panelPANE-6B4E2CE18CB63944",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -2377,7 +2377,7 @@
                     "id": null,
                     "key": "panelpane-efa308ec98ca9a47",
                     "title": "Total Physical RAM",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2390,9 +2390,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2444,7 +2444,7 @@
                     "id": null,
                     "key": "panelpane-f40f828787debb4b",
                     "title": "Total Free, Buffers and Cached Memory",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2457,9 +2457,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2471,7 +2471,7 @@
                     "id": null,
                     "key": "panelpane-f77ed3b9a7469a41",
                     "title": "Total Used, Less Buffers and Cached Memory",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2484,9 +2484,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2498,7 +2498,7 @@
                     "id": null,
                     "key": "panelpane-14a8edc8a9082a44",
                     "title": "Total Free Memory",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2511,9 +2511,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2525,7 +2525,7 @@
                     "id": null,
                     "key": "panelpane-fd78c765b827f940",
                     "title": "Total Used Memory",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2538,9 +2538,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2552,10 +2552,10 @@
                     "id": null,
                     "key": "panelPANE-6B4E2CE18CB63944",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [
@@ -2658,63 +2658,63 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-f5adc9cfa7ab084e",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
                     },
                     {
                         "key": "panelpane-fbbffe38bcd87a4d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
                     },
                     {
                         "key": "panelpane-74ec11c0b1d21845",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
                     },
                     {
                         "key": "panelpane-972ecae0a835ab49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":28}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":29}"
                     },
                     {
                         "key": "panelpane-e941049387bcc843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
                     },
                     {
                         "key": "panelpane-24a34d858564ca43",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":28}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":29}"
                     },
                     {
                         "key": "panelPANE-7940D0AEBE753846",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelPANE-A8BE6B8FB2B93A44",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
                     },
                     {
                         "key": "panelPANE-83E140288B3B9A48",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     },
                     {
                         "key": "panel888DBB5FA4FA294E",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
                     },
                     {
                         "key": "panel28D28566BBFD3B4C",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":34}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":35}"
                     },
                     {
                         "key": "panelPANE-60752DE0A8D6184C",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":14}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panelF655848EA2E3D843",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
                     },
                     {
                         "key": "panel2358A1BAB0241A42",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":28}"
                     },
                     {
                         "key": "panel9F7F10FE8C8B484F",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":28,\"minHeight\":3,\"minWidth\":3}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":35}"
                     }
                 ]
             },
@@ -2723,7 +2723,7 @@
                     "id": null,
                     "key": "panelpane-f5adc9cfa7ab084e",
                     "title": "Disk Used Bytes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2736,9 +2736,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2750,7 +2750,7 @@
                     "id": null,
                     "key": "panelpane-fbbffe38bcd87a4d",
                     "title": "Disk Available Bytes",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"instanceid={{instanceid}} DevName={{DevName}} DirName={{DirName}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -2763,9 +2763,9 @@
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -2939,10 +2939,10 @@
                     "id": null,
                     "key": "panelPANE-83E140288B3B9A48",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 },
                 {
                     "id": null,
@@ -2975,7 +2975,7 @@
                     "id": null,
                     "key": "panel28D28566BBFD3B4C",
                     "title": "Disk Read Byte",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3002,7 +3002,7 @@
                     "id": null,
                     "key": "panelPANE-60752DE0A8D6184C",
                     "title": "Disk Read, Write (Operations)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3038,7 +3038,7 @@
                     "id": null,
                     "key": "panel2358A1BAB0241A42",
                     "title": "Disk Read, Write (Bytes)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3047,7 +3047,7 @@
                     "id": null,
                     "key": "panel9F7F10FE8C8B484F",
                     "title": "Disk Write Byte",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3171,47 +3171,47 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-aae783508eb33b4b",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":18}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":19}"
                     },
                     {
                         "key": "panelpane-38312cc29dd88a45",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":18}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":19}"
                     },
                     {
                         "key": "panelpane-256276e180045843",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":3}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":4}"
                     },
                     {
                         "key": "panelpane-f0bf2577bbe6ba48",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":3}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":4}"
                     },
                     {
                         "key": "panelPANE-6721BD51887F684F",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     },
                     {
                         "key": "panelPANE-CEAEA20CA5CBCA4A",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelPANE-1FD6EE6CB9C8B949",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":17}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":18}"
                     },
                     {
                         "key": "panelD31811DD9ADB8842",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":10}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":11}"
                     },
                     {
                         "key": "panel0010AA82AEFC3842",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":10}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":11}"
                     },
                     {
                         "key": "panel560A181992908B47",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":25}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":0,\"y\":26}"
                     },
                     {
                         "key": "panel5B0F35BAB437E845",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":18,\"minHeight\":3,\"minWidth\":3}"
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":26}"
                     }
                 ]
             },
@@ -3328,16 +3328,16 @@
                     "id": null,
                     "key": "panelPANE-6721BD51887F684F",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 },
                 {
                     "id": null,
                     "key": "panelPANE-CEAEA20CA5CBCA4A",
                     "title": "Network (Bytes)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3346,7 +3346,7 @@
                     "id": null,
                     "key": "panelPANE-1FD6EE6CB9C8B949",
                     "title": "Network (Packets)",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -3355,7 +3355,7 @@
                     "id": null,
                     "key": "panelD31811DD9ADB8842",
                     "title": "Network InByte",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"minimum\":0},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"minimum\":0,\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3382,7 +3382,7 @@
                     "id": null,
                     "key": "panel0010AA82AEFC3842",
                     "title": "Network OutByte",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\"},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{instanceid}}\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -3560,39 +3560,39 @@
                 "layoutStructures": [
                     {
                         "key": "panelpane-17ee2e37b6eccb47",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
                     },
                     {
                         "key": "panelpane-c24a86f4a132b84c",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
                     },
                     {
                         "key": "panelpane-820b2a5db0d45848",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panelpane-d8ac2293bd568940",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":15}"
                     },
                     {
                         "key": "panelpane-ef64ec5dbc991840",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
                     },
                     {
                         "key": "panelpane-35dcff5392216a4f",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
                     },
                     {
                         "key": "panelPANE-EC5685348CE70A41",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
                     },
                     {
                         "key": "panelPANE-B10542A88EB87840",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
                     },
                     {
                         "key": "panelPANE-3DF23A5780C32B4B",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -3817,10 +3817,10 @@
                     "id": null,
                     "key": "panelPANE-3DF23A5780C32B4B",
                     "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":20}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This panel requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                    "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
                 }
             ],
             "variables": [

From bc9362623c36c6f42976413ef4bef6cbdb4911a8 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Thu, 16 Jun 2022 19:20:34 +0530
Subject: [PATCH 38/82] SNS added

---
 aws-observability-terraform/README.md         |    5 +-
 .../app-modules/README.md                     |    8 +-
 .../app-modules/main.tf                       |   24 +
 .../app-modules/outputs.tf                    |   15 +
 .../app-modules/sns/README.md                 |   40 +
 .../app-modules/sns/app.tf                    |  188 ++
 .../app-modules/sns/outputs.tf                |   16 +
 .../app-modules/sns/variables.tf              |   93 +
 aws-observability-terraform/field.tf          |    7 +
 aws-observability/json/Sns-App.json           | 1628 +++++++++++++++++
 10 files changed, 2019 insertions(+), 5 deletions(-)
 create mode 100644 aws-observability-terraform/app-modules/sns/README.md
 create mode 100644 aws-observability-terraform/app-modules/sns/app.tf
 create mode 100644 aws-observability-terraform/app-modules/sns/outputs.tf
 create mode 100644 aws-observability-terraform/app-modules/sns/variables.tf
 create mode 100644 aws-observability/json/Sns-App.json

diff --git a/aws-observability-terraform/README.md b/aws-observability-terraform/README.md
index 02b03ae2..5cdb9d6b 100644
--- a/aws-observability-terraform/README.md
+++ b/aws-observability-terraform/README.md
@@ -12,13 +12,12 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.14.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.16.2 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
 | <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
 
 ## Resources
@@ -39,6 +38,7 @@
 | [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.topicname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 
 ## Inputs
 
@@ -57,4 +57,3 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
-| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md
index 9a948e6d..8647b24a 100644
--- a/aws-observability-terraform/app-modules/README.md
+++ b/aws-observability-terraform/app-modules/README.md
@@ -10,8 +10,8 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.14.0 |
-| <a name="provider_time"></a> [time](#provider\_time) | n/a |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.16.2 |
+| <a name="provider_time"></a> [time](#provider\_time) | 0.7.2 |
 
 ## Modules
 
@@ -29,6 +29,7 @@
 | <a name="module_overview_app"></a> [overview\_app](#module\_overview\_app) | ./overview | n/a |
 | <a name="module_rce_app"></a> [rce\_app](#module\_rce\_app) | ./rce | n/a |
 | <a name="module_rds_app"></a> [rds\_app](#module\_rds\_app) | ./rds | n/a |
+| <a name="module_sns_app"></a> [sns\_app](#module\_sns\_app) | ./sns | n/a |
 
 ## Resources
 
@@ -87,6 +88,7 @@
 | <a name="output_sumologic_content_overview"></a> [sumologic\_content\_overview](#output\_sumologic\_content\_overview) | This output contains overview App. |
 | <a name="output_sumologic_content_rce"></a> [sumologic\_content\_rce](#output\_sumologic\_content\_rce) | This output contains rce Apps. |
 | <a name="output_sumologic_content_rds"></a> [sumologic\_content\_rds](#output\_sumologic\_content\_rds) | This output contains rds App. |
+| <a name="output_sumologic_content_sns"></a> [sumologic\_content\_sns](#output\_sumologic\_content\_sns) | This output contains apigateway App. |
 | <a name="output_sumologic_field_alb"></a> [sumologic\_field\_alb](#output\_sumologic\_field\_alb) | This output contains fields required for alb app. |
 | <a name="output_sumologic_field_apigateway"></a> [sumologic\_field\_apigateway](#output\_sumologic\_field\_apigateway) | This output contains fields required for apigateway app. |
 | <a name="output_sumologic_field_dynamodb"></a> [sumologic\_field\_dynamodb](#output\_sumologic\_field\_dynamodb) | This output contains fields required for dynamodb app. |
@@ -102,10 +104,12 @@
 | <a name="output_sumologic_field_extraction_rule_elb"></a> [sumologic\_field\_extraction\_rule\_elb](#output\_sumologic\_field\_extraction\_rule\_elb) | This output contains Field Extraction rules required for classic elb app. |
 | <a name="output_sumologic_field_extraction_rule_lambda"></a> [sumologic\_field\_extraction\_rule\_lambda](#output\_sumologic\_field\_extraction\_rule\_lambda) | This output contains Field Extraction rules required for lambda app. |
 | <a name="output_sumologic_field_extraction_rule_rds"></a> [sumologic\_field\_extraction\_rule\_rds](#output\_sumologic\_field\_extraction\_rule\_rds) | This output contains Field Extraction rules required for rds app. |
+| <a name="output_sumologic_field_extraction_rule_sns"></a> [sumologic\_field\_extraction\_rule\_sns](#output\_sumologic\_field\_extraction\_rule\_sns) | This output contains Field Extraction rules required for apigateway app. |
 | <a name="output_sumologic_field_lambda"></a> [sumologic\_field\_lambda](#output\_sumologic\_field\_lambda) | This output contains fields required for lambda app. |
 | <a name="output_sumologic_field_nlb"></a> [sumologic\_field\_nlb](#output\_sumologic\_field\_nlb) | This output contains fields required for nlb app. |
 | <a name="output_sumologic_field_overview"></a> [sumologic\_field\_overview](#output\_sumologic\_field\_overview) | This output contains fields required for overview app. |
 | <a name="output_sumologic_field_rds"></a> [sumologic\_field\_rds](#output\_sumologic\_field\_rds) | This output contains fields required for rds app. |
+| <a name="output_sumologic_field_sns"></a> [sumologic\_field\_sns](#output\_sumologic\_field\_sns) | This output contains fields required for apigateway app. |
 | <a name="output_sumologic_hierarchy"></a> [sumologic\_hierarchy](#output\_sumologic\_hierarchy) | This output contains Sumologic Hierarchy. |
 | <a name="output_sumologic_metric_rules_nlb"></a> [sumologic\_metric\_rules\_nlb](#output\_sumologic\_metric\_rules\_nlb) | This output contains metric rules required for nlb app. |
 | <a name="output_sumologic_metric_rules_rds"></a> [sumologic\_metric\_rules\_rds](#output\_sumologic\_metric\_rules\_rds) | This output contains metric rules required for rds app. |
diff --git a/aws-observability-terraform/app-modules/main.tf b/aws-observability-terraform/app-modules/main.tf
index 20903375..3ec058bf 100644
--- a/aws-observability-terraform/app-modules/main.tf
+++ b/aws-observability-terraform/app-modules/main.tf
@@ -225,6 +225,24 @@ module "elb_app" {
   group_notifications      = var.group_notifications
 }
 
+# Install the sns app and resources.
+module "sns_app" {
+  depends_on = [module.elb_app]
+  source     = "./sns"
+
+  access_id                = var.access_id
+  access_key               = var.access_key
+  environment              = var.environment
+  json_file_directory_path = var.json_file_directory_path
+  app_folder_id            = sumologic_folder.apps_folder.id
+  monitor_folder_id        = sumologic_monitor_folder.monitor_folder.id
+  monitors_disabled        = var.apigateway_monitors_disabled
+  connection_notifications = var.connection_notifications
+  email_notifications      = var.email_notifications
+  group_notifications      = var.group_notifications
+  
+}
+
 # ********************** Create Explore Hierarchy ********************** #
 resource "sumologic_hierarchy" "awso_hierarchy" {
   name = "AWS Observability"
@@ -294,6 +312,12 @@ resource "sumologic_hierarchy" "awso_hierarchy" {
               entity_type = "networkloadbalancer"
             }
           }
+        next_levels_with_conditions {
+          condition = "AWS/SNS"
+          level {
+              entity_type = "topicname"
+            }
+          }
       }
     }
   }
diff --git a/aws-observability-terraform/app-modules/outputs.tf b/aws-observability-terraform/app-modules/outputs.tf
index 4a26c459..2f2bd65c 100644
--- a/aws-observability-terraform/app-modules/outputs.tf
+++ b/aws-observability-terraform/app-modules/outputs.tf
@@ -163,6 +163,21 @@ output "sumologic_content_rce" {
   description = "This output contains rce Apps."
 }
 
+output "sumologic_field_sns" {
+  value       = module.sns_app.sumologic_field
+  description = "This output contains fields required for apigateway app."
+}
+
+output "sumologic_field_extraction_rule_sns" {
+  value       = module.sns_app.sumologic_field_extraction_rule
+  description = "This output contains Field Extraction rules required for apigateway app."
+}
+
+output "sumologic_content_sns" {
+  value       = module.sns_app.sumologic_content
+  description = "This output contains apigateway App."
+}
+
 output "sumologic_hierarchy" {
   value       = sumologic_hierarchy.awso_hierarchy
   description = "This output contains Sumologic Hierarchy."
diff --git a/aws-observability-terraform/app-modules/sns/README.md b/aws-observability-terraform/app-modules/sns/README.md
new file mode 100644
index 00000000..7ced6902
--- /dev/null
+++ b/aws-observability-terraform/app-modules/sns/README.md
@@ -0,0 +1,40 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_sns_module"></a> [sns\_module](#module\_sns\_module) | SumoLogic/sumo-logic-integrations/sumologic//sumologic | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_access_id"></a> [access\_id](#input\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
+| <a name="input_access_key"></a> [access\_key](#input\_access\_key) | Sumo Logic Access Key. | `string` | n/a | yes |
+| <a name="input_app_folder_id"></a> [app\_folder\_id](#input\_app\_folder\_id) | Please provide a folder ID where you would like the app to be installed. | `string` | `""` | no |
+| <a name="input_connection_notifications"></a> [connection\_notifications](#input\_connection\_notifications) | Connection Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      connection_id         = string,<br>      payload_override      = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
+| <a name="input_email_notifications"></a> [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. | <pre>list(object(<br>    {<br>      connection_type       = string,<br>      recipients            = list(string),<br>      subject               = string,<br>      time_zone             = string,<br>      message_body          = string,<br>      run_for_trigger_types = list(string)<br>    }<br>  ))</pre> | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
+| <a name="input_group_notifications"></a> [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no |
+| <a name="input_json_file_directory_path"></a> [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes |
+| <a name="input_monitor_folder_id"></a> [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no |
+| <a name="input_monitors_disabled"></a> [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_sumologic_content"></a> [sumologic\_content](#output\_sumologic\_content) | This output contains amazon sns App. |
+| <a name="output_sumologic_field"></a> [sumologic\_field](#output\_sumologic\_field) | This output contains fields required for amazon sns app. |
+| <a name="output_sumologic_field_extraction_rule"></a> [sumologic\_field\_extraction\_rule](#output\_sumologic\_field\_extraction\_rule) | This output contains Field Extraction rules required for amazon sns app. |
diff --git a/aws-observability-terraform/app-modules/sns/app.tf b/aws-observability-terraform/app-modules/sns/app.tf
new file mode 100644
index 00000000..21f399a3
--- /dev/null
+++ b/aws-observability-terraform/app-modules/sns/app.tf
@@ -0,0 +1,188 @@
+module "sns_module" {
+  source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic"
+
+  access_id   = var.access_id
+  access_key  = var.access_key
+  environment = var.environment
+
+  # ********************** No Metric Rules for API Gateway ********************** #
+
+  # ********************** Fields ********************** #
+  /***
+   managed_fields = {
+     "TopicName" = {
+       field_name = "topicname"
+       data_type  = "String"
+       state      = true
+     }
+   }
+***/
+  # ********************** FERs ********************** #
+  managed_field_extraction_rules = {
+    "SnsFieldExtractionRule" = {
+      name             = "AwsObservabilitySNSLogsFER"
+      scope            = "_sourcecategory=*cloudtrail* \"sns.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | json field=requestParameters "topicArn" as req_topicarn nodrop
+              | json field=responseElements "topicArn" as res_topicarn nodrop
+              | if (isBlank(req_topicarn), res_topicarn, req_topicarn) as topicarn
+              | parse field=topicarn "arn:aws:sns:*:*:*" as r, acctid, topicname nodrop
+              | where eventSource = "sns.amazonaws.com"
+              | "aws/sns" as namespace
+              | fields region, namespace, topicname, accountid
+      EOT
+      enabled          = true
+    }
+  }
+  # ********************** Apps ********************** #
+  managed_apps = {
+    "SNSApp" = {
+      content_json = join("", [var.json_file_directory_path, "/aws-observability/json/Sns-App.json"])
+      folder_id    = var.app_folder_id
+    }
+  }
+
+
+  # ********************** Monitors ********************** #
+  /***
+  managed_monitors = {
+    "AWSAPIGatewayHigh5XXErrors" = {
+      monitor_name         = "AWS API Gateway - High 5XX Errors"
+      monitor_description  = "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes."
+      monitor_monitor_type = "Metrics"
+      monitor_parent_id    = var.monitor_folder_id
+      monitor_is_disabled  = var.monitors_disabled
+      queries = {
+        A = "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        B = "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        C = "#A * 100 / #B along account, region, namespace"
+      }
+      triggers = [
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "Critical",
+          threshold        = 5,
+          threshold_type   = "GreaterThanOrEqual",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        },
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "ResolvedCritical",
+          threshold        = 5,
+          threshold_type   = "LessThan",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        }
+      ]
+      group_notifications      = var.group_notifications
+      connection_notifications = var.connection_notifications
+      email_notifications      = var.email_notifications
+    },
+    "AWSAPIGatewayHigh4XXErrors" = {
+      monitor_name         = "AWS API Gateway - High 4XX Errors"
+      monitor_description  = "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes."
+      monitor_monitor_type = "Metrics"
+      monitor_parent_id    = var.monitor_folder_id
+      monitor_is_disabled  = var.monitors_disabled
+      queries = {
+        A = "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        B = "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        C = "#A * 100 / #B along apiname, account, region, namespace"
+      }
+      triggers = [
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "Critical",
+          threshold        = 5,
+          threshold_type   = "GreaterThanOrEqual",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        },
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "ResolvedCritical",
+          threshold        = 5,
+          threshold_type   = "LessThan",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        }
+      ]
+      group_notifications      = var.group_notifications
+      connection_notifications = var.connection_notifications
+      email_notifications      = var.email_notifications
+    },
+    "AWSAPIGatewayHighIntegrationLatency" = {
+      monitor_name         = "AWS API Gateway - High Integration Latency"
+      monitor_description  = "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes."
+      monitor_monitor_type = "Metrics"
+      monitor_parent_id    = var.monitor_folder_id
+      monitor_is_disabled  = var.monitors_disabled
+      queries = {
+        A = "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+      }
+      triggers = [
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "Critical",
+          threshold        = 1000,
+          threshold_type   = "GreaterThanOrEqual",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        },
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "ResolvedCritical",
+          threshold        = 1000,
+          threshold_type   = "LessThan",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        }
+      ]
+      group_notifications      = var.group_notifications
+      connection_notifications = var.connection_notifications
+      email_notifications      = var.email_notifications
+    },
+    "AWSAPIGatewayHighLatency" = {
+      monitor_name         = "AWS API Gateway - High Latency"
+      monitor_description  = "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes."
+      monitor_monitor_type = "Metrics"
+      monitor_parent_id    = var.monitor_folder_id
+      monitor_is_disabled  = var.monitors_disabled
+      queries = {
+        A = "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+      }
+      triggers = [
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "Critical",
+          threshold        = 1000,
+          threshold_type   = "GreaterThanOrEqual",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        },
+        {
+          detection_method = "StaticCondition",
+          time_range       = "-5m",
+          trigger_type     = "ResolvedCritical",
+          threshold        = 1000,
+          threshold_type   = "LessThan",
+          occurrence_type  = "Always",
+          trigger_source   = "AnyTimeSeries"
+        }
+      ]
+      group_notifications      = var.group_notifications
+      connection_notifications = var.connection_notifications
+      email_notifications      = var.email_notifications
+    }
+  }
+  ***/
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/app-modules/sns/outputs.tf b/aws-observability-terraform/app-modules/sns/outputs.tf
new file mode 100644
index 00000000..fbfde01b
--- /dev/null
+++ b/aws-observability-terraform/app-modules/sns/outputs.tf
@@ -0,0 +1,16 @@
+
+output "sumologic_field" {
+  value       = module.sns_module.sumologic_field
+  description = "This output contains fields required for amazon sns app."
+}
+
+
+output "sumologic_field_extraction_rule" {
+  value       = module.sns_module.sumologic_field_extraction_rule
+  description = "This output contains Field Extraction rules required for amazon sns app."
+}
+
+output "sumologic_content" {
+  value       = module.sns_module.sumologic_content
+  description = "This output contains amazon sns App."
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/app-modules/sns/variables.tf b/aws-observability-terraform/app-modules/sns/variables.tf
new file mode 100644
index 00000000..fe02d594
--- /dev/null
+++ b/aws-observability-terraform/app-modules/sns/variables.tf
@@ -0,0 +1,93 @@
+variable "environment" {
+  type        = string
+  description = "Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
+
+  validation {
+    condition = contains([
+      "au",
+      "ca",
+      "de",
+      "eu",
+      "jp",
+      "us1",
+      "us2",
+      "in",
+    "fed"], var.environment)
+    error_message = "The value must be one of au, ca, de, eu, jp, us1, us2, in, or fed."
+  }
+}
+
+variable "access_id" {
+  type        = string
+  description = "Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key"
+
+  validation {
+    condition     = can(regex("\\w+", var.access_id))
+    error_message = "The SumoLogic access ID must contain valid characters."
+  }
+}
+
+variable "access_key" {
+  type        = string
+  description = "Sumo Logic Access Key."
+
+  validation {
+    condition     = can(regex("\\w+", var.access_key))
+    error_message = "The SumoLogic access key must contain valid characters."
+  }
+}
+
+variable "json_file_directory_path" {
+  type        = string
+  description = "Directory path where all the JSONs are present."
+}
+
+variable "app_folder_id" {
+  type        = string
+  description = "Please provide a folder ID where you would like the app to be installed."
+  default     = ""
+}
+
+variable "monitor_folder_id" {
+  type        = string
+  description = "Please provide a folder ID where you would like the monitors to be installed."
+  default     = ""
+}
+
+variable "monitors_disabled" {
+  type        = bool
+  description = "Whether the monitors are enabled or not?"
+  default     = true
+}
+
+variable "connection_notifications" {
+  type = list(object(
+    {
+      connection_type       = string,
+      connection_id         = string,
+      payload_override      = string,
+      run_for_trigger_types = list(string)
+    }
+  ))
+  description = "Connection Notifications to be sent by the alert."
+}
+
+variable "email_notifications" {
+  type = list(object(
+    {
+      connection_type       = string,
+      recipients            = list(string),
+      subject               = string,
+      time_zone             = string,
+      message_body          = string,
+      run_for_trigger_types = list(string)
+    }
+  ))
+  description = "Email Notifications to be sent by the alert."
+}
+
+variable "group_notifications" {
+  type        = bool
+  description = "Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true."
+  default     = true
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/field.tf b/aws-observability-terraform/field.tf
index 1b7dc985..659ed0e0 100644
--- a/aws-observability-terraform/field.tf
+++ b/aws-observability-terraform/field.tf
@@ -94,4 +94,11 @@ resource "sumologic_field" "dbidentifier" {
     data_type  = "String"
     field_name = "dbidentifier"
     state      = "Enabled"
+}
+
+# Used in SNS
+resource "sumologic_field" "topicname" {
+    data_type  = "String"
+    field_name = "topicname"
+    state      = "Enabled"
 }
\ No newline at end of file
diff --git a/aws-observability/json/Sns-App.json b/aws-observability/json/Sns-App.json
new file mode 100644
index 00000000..3acb88d8
--- /dev/null
+++ b/aws-observability/json/Sns-App.json
@@ -0,0 +1,1628 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "Amazon SNS",
+    "description": "",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon SNS - Metric by TopicName",
+            "description": "",
+            "title": "1. Amazon SNS - Metric by TopicName",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "topicname": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-15m"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelA27999D2BE87AA49",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel82FC587B9BACF941",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panel5B8B44C3A5FE2B4D",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel6C973DE0BC0A3947",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":23}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelA27999D2BE87AA49",
+                    "title": "Number of Messages Published",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfMessagesPublished Statistic=Sum topicname={{topicname}} | sum by TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel82FC587B9BACF941",
+                    "title": "Message Publish Size",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=PublishSize Statistic=Average topicname={{topicname}} | avg by TopicName ",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5B8B44C3A5FE2B4D",
+                    "title": "Number of Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsDelivered Statistic=Sum topicname={{topicname}} | sum by TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6C973DE0BC0A3947",
+                    "title": "Number of Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsFailed Statistic=Sum topicname={{topicname}} | sum by TopicName ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon SNS - Overview",
+            "description": "",
+            "title": "1. Amazon SNS - Overview",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-15m"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel7954FF5B9CB3B945",
+                        "structure": "{\"height\":9,\"width\":6,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelDDAD359AB900B942",
+                        "structure": "{\"height\":9,\"width\":6,\"x\":6,\"y\":0}"
+                    },
+                    {
+                        "key": "panel40B571E3A8CF694E",
+                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel93252B51B57EDB4D",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panel246853BDA98F894A",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":9}"
+                    },
+                    {
+                        "key": "panel34258C8CA015F840",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelB567B28394BCEB44",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panelA50FD6D0B28B0841",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":17}"
+                    },
+                    {
+                        "key": "panel9C32854D84C29940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panel144BD3D19FC00B48",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel1B97D0B5958F3B49",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panelF09BBF798088FB41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25,\"minHeight\":3,\"minWidth\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel7954FF5B9CB3B945",
+                    "title": "Successful Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" as region nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDDAD359AB900B942",
+                    "title": "Failure Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" as region nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel40B571E3A8CF694E",
+                    "title": "Number of Messages Published",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfMessagesPublished Statistic=Sum topicname={{topicname}} Region=* ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel93252B51B57EDB4D",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userAgent\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"requestParameters.topicArn\" as topicArn nodrop | json \"requestParameters.name\" as name nodrop | json \"requestID\" nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel246853BDA98F894A",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel34258C8CA015F840",
+                    "title": "Message Publish Size",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=PublishSize Statistic=Average topicname={{topicname}} Region=*",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB567B28394BCEB44",
+                    "title": "Top Users",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"bar\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.userName\" as userName nodrop | json \"errorCode\" nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user\n| top 10 user by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA50FD6D0B28B0841",
+                    "title": "Events Trend by Event Name",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus \n| timeslice 1h\n| count as eventCount by _timeslice, eventName\n| transpose row _timeslice column eventName",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9C32854D84C29940",
+                    "title": "Published Messages Comparison",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS topicname={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A - #B",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel144BD3D19FC00B48",
+                    "title": "Number of Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsDelivered Statistic=Sum topicname={{topicname}} Region=* ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1B97D0B5958F3B49",
+                    "title": "Number of Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsFailed Statistic=Sum topicname={{topicname}} Region=*",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF09BBF798088FB41",
+                    "title": "Message Publish Size Comparison",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics topicname={{topicname}} Namespace=AWS/SNS metric=PublishSize Statistic=Average | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A - #B",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon SNS - Metric by Region",
+            "description": "",
+            "title": "2. Amazon SNS - Metric by Region",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "topicname": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-15m"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelA27999D2BE87AA49",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel82FC587B9BACF941",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panel5B8B44C3A5FE2B4D",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel6C973DE0BC0A3947",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":23}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelA27999D2BE87AA49",
+                    "title": "Number of Messages Published",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfMessagesPublished region={{region}} Statistic=Sum  | sum by TopicName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel82FC587B9BACF941",
+                    "title": "Message Publish Size",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=PublishSize Statistic=Average region={{region}} | sum by TopicName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5B8B44C3A5FE2B4D",
+                    "title": "Number of Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsDelivered Statistic=Sum region={{region}} | sum by TopicName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6C973DE0BC0A3947",
+                    "title": "Number of Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsFailed Statistic=Sum region={{region}} | sum by TopicName, account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon SNS - CloudTrail Events",
+            "description": "",
+            "title": "3. Amazon SNS - CloudTrail Events",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "topicname": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-15m"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel9724CE95BF93284E",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel13A28BCF9195784A",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel8295225DA9487941",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panel63133FE7966C3B44",
+                        "structure": "{\"height\":6,\"width\":7,\"x\":5,\"y\":9}"
+                    },
+                    {
+                        "key": "panelA3841CC48DC37A4E",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panel08DA60FCB6CBA94F",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel554DCC97A661E840",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":15}"
+                    },
+                    {
+                        "key": "panel8BD78A42A42E2941",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panel04C58849BF85EA40",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":21}"
+                    },
+                    {
+                        "key": "panelEB163726B40EDB42",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panel9FE68E49A0060A4D",
+                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":27}"
+                    },
+                    {
+                        "key": "panel47C00A9996D1FB46",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":33}"
+                    },
+                    {
+                        "key": "panelFA76DDA1858D6941",
+                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":33}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel9724CE95BF93284E",
+                    "title": "Successful Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel13A28BCF9195784A",
+                    "title": "Failure Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8295225DA9487941",
+                    "title": "Event Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel63133FE7966C3B44",
+                    "title": "Top Error Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by errorCode \n| top 10 errorCode by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA3841CC48DC37A4E",
+                    "title": "Event Status Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1d\n| count by _timeslice, eventStatus\n| fillmissing timeslice(1d), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1w"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel08DA60FCB6CBA94F",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel554DCC97A661E840",
+                    "title": "Failed Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1s\n| count as eventCount by _timeslice, eventName, errorCode, errorMessage, awsRegion, sourceIPAddress, accountId, user, type\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8BD78A42A42E2941",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userAgent\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"requestParameters.topicArn\" as topicArn nodrop | json \"requestParameters.name\" as name nodrop | json \"requestID\" nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel04C58849BF85EA40",
+                    "title": "Successful Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userAgent\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"requestParameters.topicArn\" as topicArn nodrop | json \"requestParameters.name\" as name nodrop | json \"requestID\" nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1s\n| count as eventCount by _timeslice, eventName, awsRegion, sourceIPAddress, accountId, user, type, requestId, name, topicArn, userAgent\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelEB163726B40EDB42",
+                    "title": "Top Users",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.userName\" as userName nodrop | json \"errorCode\" nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user\n| top 10 user by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9FE68E49A0060A4D",
+                    "title": "Events by User",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"bar\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.userName\" as userName nodrop | json \"errorCode\" nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1d\n| count as eventCount by user, eventName\n| transpose row user column eventName",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel47C00A9996D1FB46",
+                    "title": "Most Active TopicNames",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | json \"requestParameters.topicArn\" as topicArn1 nodrop | json \"responseElements.topicArn\" as topicArn2 nodrop\n| if (!isEmpty(topicArn1), topicArn1, topicArn2) as topicArn\n| where eventSource=\"sns.amazonaws.com\" and !isEmpty(topicArn)\n| parse field=topicArn \"arn:aws:sns:*:*:*\" as topicRegion, topicAccountId, topicName\n| count as eventCount by topicName\n| top 10 topicName by eventCount",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelFA76DDA1858D6941",
+                    "title": "Events Trend by Event Name",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop \n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus \n| timeslice 1h\n| count as eventCount by _timeslice, eventName\n| transpose row _timeslice column eventName",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-1d"
+                        },
+                        "to": null
+                    },
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file

From 556bc3d478c32e8c088aba0cf1607ce3505d1efd Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 17 Jun 2022 14:32:40 +0530
Subject: [PATCH 39/82] updating NLB app

---
 aws-observability/json/Nlb-App.json | 341 ++++++++++++++++++++--------
 1 file changed, 248 insertions(+), 93 deletions(-)

diff --git a/aws-observability/json/Nlb-App.json b/aws-observability/json/Nlb-App.json
index 33430d40..2009b42d 100644
--- a/aws-observability/json/Nlb-App.json
+++ b/aws-observability/json/Nlb-App.json
@@ -1,14 +1,13 @@
 {
     "type": "FolderSyncDefinition",
     "name": "AWS Network Load Balancer",
-    "description": "The AWS Network Load Balancer service is distributed in OSI Layer 4 (i.e., network) traffic (e.g., TCP, UDP, TLS) and can handle over a million requests per second. \n\nThe AWS Network Load Balancer dashboards provide insights to ensure that your network load-balancers are operating as expected, backend hosts are healthy and to quickly identify errors.",
+    "description": "The Sumo Logic App for AWS Network Load Balancer is using metrics to provide insights to ensure that your network load-balancers are operating as expected, backend hosts are healthy and to quickly identify errors.\n\nAWS Network Load Balancer service is distributed in OSI Layer 4 (i.e., network) traffic (e.g., TCP, UDP, TLS) and can handle over a million requests per second.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
             "name": "1. AWS Network Load Balancer - Active and New Flows",
             "description": "The AWS Network Load Balancer - Active and New Flows dashboard provides detailed insights for new flows, and active flows for TCP, TLS, and UDP traffic.",
             "title": "1. AWS Network Load Balancer - Active and New Flows",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -90,14 +89,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -114,14 +116,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount_TCP Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -138,14 +143,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount_UDP Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -162,14 +170,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount_TLS Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -186,14 +197,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -210,14 +224,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount_TCP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -234,14 +251,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount_TLS Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -258,14 +278,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=NewFlowCount_UDP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -305,7 +328,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -319,7 +343,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -328,12 +353,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -347,7 +373,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -361,7 +388,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -371,7 +399,6 @@
             "name": "1. AWS Network Load Balancer - Overview",
             "description": "The AWS Network Load Balancer - Overview dashboard provides detailed insights into a view of network utilization and performance. The dashboard provides information about the errors, health, and traffic handled by the load balancer.",
             "title": "1. AWS Network Load Balancer - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -449,14 +476,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -473,14 +503,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -497,14 +530,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone=* TargetGroup=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -521,14 +557,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone=* TargetGroup=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -545,14 +584,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ActiveFlowCount Statistic=Sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -569,14 +611,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -593,14 +638,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=maximum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | max by loadbalancer | filter max > 0",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -617,14 +665,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=*TLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -641,14 +692,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_ELB_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by account, region, namespace, LoadBalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -670,7 +724,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -684,7 +739,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -693,12 +749,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -712,7 +769,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -722,7 +780,6 @@
             "name": "2. AWS Network Load Balancer - Host Health Status",
             "description": "The AWS Network Load Balancer - Host Health Status dashboard provides detailed insights into the number of healthy and unhealthy hosts.",
             "title": "2. AWS Network Load Balancer - Host Health Status",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -796,14 +853,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=maximum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -820,14 +880,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=minimum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -844,14 +907,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -868,14 +934,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=maximum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -892,14 +961,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=minimum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -916,14 +988,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -940,14 +1015,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone, TargetGroup",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -964,14 +1042,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} TargetGroup={{targetgroup}} | sum by LoadBalancer, account, region, namespace, AvailabilityZone, TargetGroup",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -993,7 +1074,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1007,7 +1089,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1016,12 +1099,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1035,7 +1119,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1049,7 +1134,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1063,7 +1149,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1073,7 +1160,6 @@
             "name": "3. AWS Network Load Balancer - Errors",
             "description": "The AWS Network Load Balancer - Errors dashboard provides detailed insights into the errors reported by the network load balancer. This dashboard shows information for the total number of TLS handshakes that failed during negotiation between a client and a TLS listener, and the total number of TLS handshakes that failed during negotiation between a TLS listener and a target.",
             "title": "3. AWS Network Load Balancer - Errors",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1135,14 +1221,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by LoadBalancer, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1159,14 +1248,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum by LoadBalancer, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1192,14 +1284,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1216,14 +1311,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1245,7 +1343,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1259,7 +1358,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1268,12 +1368,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1287,17 +1388,17 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "4. AWS Network Load Balancer - Reset (RST) Packets",
+            "name": "4. AWS Network Load Balancer - Reset (RST) Packets New",
             "description": "The AWS Network Load Balancer - Reset (RST) Packets dashboard provides detailed insights into the number reset (RST) packets received by the network load balancer. The dashboard shows the information for the total number of reset (RST) packets sent from a client to a target , the total number of reset (RST) packets generated by the load balancer, and the total number of reset (RST) packets sent from a target to a client.",
-            "title": "4. AWS Network Load Balancer - Reset (RST) Packets",
-            "rootPanel": null,
+            "title": "4. AWS Network Load Balancer - Reset (RST) Packets New",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1367,14 +1468,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_Client_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1391,14 +1495,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_ELB_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1415,14 +1522,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_Target_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1448,14 +1558,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_ELB_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1472,14 +1585,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_Client_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1496,14 +1612,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=TCP_Target_Reset_Count Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1525,7 +1644,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1539,7 +1659,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1548,12 +1669,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1567,7 +1689,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1581,7 +1704,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1591,7 +1715,6 @@
             "name": "5. AWS Network Load Balancer - Processed Bytes",
             "description": "The AWS Network Load Balancer - Processed Bytes dashboard provides detailed insights into the amount of bytes processed by the load balancer for total, UDP, TCP and TLS traffic.",
             "title": "5. AWS Network Load Balancer - Processed Bytes",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1653,14 +1776,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1677,14 +1803,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes_TCP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1701,14 +1830,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes_UDP Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1725,14 +1857,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ProcessedBytes_TLS Statistic=sum account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} AvailabilityZone={{availabilityzone}} | sum by account, region, namespace, LoadBalancer, AvailabilityZone",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1763,7 +1898,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1777,7 +1913,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1786,12 +1923,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1805,7 +1943,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -1819,7 +1958,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
@@ -1829,7 +1969,6 @@
             "name": "6. AWS Network Load Balancer - Consumed LCUs",
             "description": "The AWS Network Load Balancer - Consumed LCUs dashboard shows you the total number of load balancer capacity units (LCU) used by your load balancer by network protocol.",
             "title": "6. AWS Network Load Balancer - Consumed LCUs",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1891,14 +2030,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1915,14 +2057,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs_TCP Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1939,14 +2084,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs_UDP Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1963,14 +2111,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=ConsumedLCUs_TLS Statistic=average account={{account}} region={{region}} LoadBalancer={{networkloadbalancer}} | avg by LoadBalancer, account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2001,7 +2152,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2015,7 +2167,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2024,12 +2177,13 @@
                     "defaultValue": "aws/networkelb",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/networkelb",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 },
                 {
                     "id": null,
@@ -2043,7 +2197,8 @@
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
-                    "hideFromUI": false
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []

From 65733633cb35478cfec49a005a903790b46df67f Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 17 Jun 2022 14:56:59 +0530
Subject: [PATCH 40/82] updating dashboard name

---
 aws-observability/json/Nlb-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/Nlb-App.json b/aws-observability/json/Nlb-App.json
index 2009b42d..54acb1d9 100644
--- a/aws-observability/json/Nlb-App.json
+++ b/aws-observability/json/Nlb-App.json
@@ -1396,7 +1396,7 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "4. AWS Network Load Balancer - Reset (RST) Packets New",
+            "name": "4. AWS Network Load Balancer - Reset (RST) Packets",
             "description": "The AWS Network Load Balancer - Reset (RST) Packets dashboard provides detailed insights into the number reset (RST) packets received by the network load balancer. The dashboard shows the information for the total number of reset (RST) packets sent from a client to a target , the total number of reset (RST) packets generated by the load balancer, and the total number of reset (RST) packets sent from a target to a client.",
             "title": "4. AWS Network Load Balancer - Reset (RST) Packets New",
             "theme": "Light",

From da5ffe5d0315880279a2eb8abb142372e0bd715b Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Mon, 20 Jun 2022 13:42:57 +0530
Subject: [PATCH 41/82] review comments fixed

---
 aws-observability-terraform/app-modules/README.md  | 6 +++---
 aws-observability-terraform/app-modules/main.tf    | 2 +-
 aws-observability-terraform/app-modules/outputs.tf | 6 +++---
 aws-observability-terraform/app-modules/sns/app.tf | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md
index 8647b24a..eeb51d08 100644
--- a/aws-observability-terraform/app-modules/README.md
+++ b/aws-observability-terraform/app-modules/README.md
@@ -88,7 +88,7 @@
 | <a name="output_sumologic_content_overview"></a> [sumologic\_content\_overview](#output\_sumologic\_content\_overview) | This output contains overview App. |
 | <a name="output_sumologic_content_rce"></a> [sumologic\_content\_rce](#output\_sumologic\_content\_rce) | This output contains rce Apps. |
 | <a name="output_sumologic_content_rds"></a> [sumologic\_content\_rds](#output\_sumologic\_content\_rds) | This output contains rds App. |
-| <a name="output_sumologic_content_sns"></a> [sumologic\_content\_sns](#output\_sumologic\_content\_sns) | This output contains apigateway App. |
+| <a name="output_sumologic_content_sns"></a> [sumologic\_content\_sns](#output\_sumologic\_content\_sns) | This output contains sns App. |
 | <a name="output_sumologic_field_alb"></a> [sumologic\_field\_alb](#output\_sumologic\_field\_alb) | This output contains fields required for alb app. |
 | <a name="output_sumologic_field_apigateway"></a> [sumologic\_field\_apigateway](#output\_sumologic\_field\_apigateway) | This output contains fields required for apigateway app. |
 | <a name="output_sumologic_field_dynamodb"></a> [sumologic\_field\_dynamodb](#output\_sumologic\_field\_dynamodb) | This output contains fields required for dynamodb app. |
@@ -104,12 +104,12 @@
 | <a name="output_sumologic_field_extraction_rule_elb"></a> [sumologic\_field\_extraction\_rule\_elb](#output\_sumologic\_field\_extraction\_rule\_elb) | This output contains Field Extraction rules required for classic elb app. |
 | <a name="output_sumologic_field_extraction_rule_lambda"></a> [sumologic\_field\_extraction\_rule\_lambda](#output\_sumologic\_field\_extraction\_rule\_lambda) | This output contains Field Extraction rules required for lambda app. |
 | <a name="output_sumologic_field_extraction_rule_rds"></a> [sumologic\_field\_extraction\_rule\_rds](#output\_sumologic\_field\_extraction\_rule\_rds) | This output contains Field Extraction rules required for rds app. |
-| <a name="output_sumologic_field_extraction_rule_sns"></a> [sumologic\_field\_extraction\_rule\_sns](#output\_sumologic\_field\_extraction\_rule\_sns) | This output contains Field Extraction rules required for apigateway app. |
+| <a name="output_sumologic_field_extraction_rule_sns"></a> [sumologic\_field\_extraction\_rule\_sns](#output\_sumologic\_field\_extraction\_rule\_sns) | This output contains Field Extraction rules required for sns app. |
 | <a name="output_sumologic_field_lambda"></a> [sumologic\_field\_lambda](#output\_sumologic\_field\_lambda) | This output contains fields required for lambda app. |
 | <a name="output_sumologic_field_nlb"></a> [sumologic\_field\_nlb](#output\_sumologic\_field\_nlb) | This output contains fields required for nlb app. |
 | <a name="output_sumologic_field_overview"></a> [sumologic\_field\_overview](#output\_sumologic\_field\_overview) | This output contains fields required for overview app. |
 | <a name="output_sumologic_field_rds"></a> [sumologic\_field\_rds](#output\_sumologic\_field\_rds) | This output contains fields required for rds app. |
-| <a name="output_sumologic_field_sns"></a> [sumologic\_field\_sns](#output\_sumologic\_field\_sns) | This output contains fields required for apigateway app. |
+| <a name="output_sumologic_field_sns"></a> [sumologic\_field\_sns](#output\_sumologic\_field\_sns) | This output contains fields required for sns app. |
 | <a name="output_sumologic_hierarchy"></a> [sumologic\_hierarchy](#output\_sumologic\_hierarchy) | This output contains Sumologic Hierarchy. |
 | <a name="output_sumologic_metric_rules_nlb"></a> [sumologic\_metric\_rules\_nlb](#output\_sumologic\_metric\_rules\_nlb) | This output contains metric rules required for nlb app. |
 | <a name="output_sumologic_metric_rules_rds"></a> [sumologic\_metric\_rules\_rds](#output\_sumologic\_metric\_rules\_rds) | This output contains metric rules required for rds app. |
diff --git a/aws-observability-terraform/app-modules/main.tf b/aws-observability-terraform/app-modules/main.tf
index 3ec058bf..a0fbd962 100644
--- a/aws-observability-terraform/app-modules/main.tf
+++ b/aws-observability-terraform/app-modules/main.tf
@@ -227,7 +227,7 @@ module "elb_app" {
 
 # Install the sns app and resources.
 module "sns_app" {
-  depends_on = [module.elb_app]
+  depends_on = [module.nlb_app]
   source     = "./sns"
 
   access_id                = var.access_id
diff --git a/aws-observability-terraform/app-modules/outputs.tf b/aws-observability-terraform/app-modules/outputs.tf
index 2f2bd65c..a8c9e72c 100644
--- a/aws-observability-terraform/app-modules/outputs.tf
+++ b/aws-observability-terraform/app-modules/outputs.tf
@@ -165,17 +165,17 @@ output "sumologic_content_rce" {
 
 output "sumologic_field_sns" {
   value       = module.sns_app.sumologic_field
-  description = "This output contains fields required for apigateway app."
+  description = "This output contains fields required for sns app."
 }
 
 output "sumologic_field_extraction_rule_sns" {
   value       = module.sns_app.sumologic_field_extraction_rule
-  description = "This output contains Field Extraction rules required for apigateway app."
+  description = "This output contains Field Extraction rules required for sns app."
 }
 
 output "sumologic_content_sns" {
   value       = module.sns_app.sumologic_content
-  description = "This output contains apigateway App."
+  description = "This output contains sns App."
 }
 
 output "sumologic_hierarchy" {
diff --git a/aws-observability-terraform/app-modules/sns/app.tf b/aws-observability-terraform/app-modules/sns/app.tf
index 21f399a3..713a3a9a 100644
--- a/aws-observability-terraform/app-modules/sns/app.tf
+++ b/aws-observability-terraform/app-modules/sns/app.tf
@@ -5,7 +5,7 @@ module "sns_module" {
   access_key  = var.access_key
   environment = var.environment
 
-  # ********************** No Metric Rules for API Gateway ********************** #
+  # ********************** No Metric Rules for SNS ********************** #
 
   # ********************** Fields ********************** #
   /***
@@ -19,8 +19,8 @@ module "sns_module" {
 ***/
   # ********************** FERs ********************** #
   managed_field_extraction_rules = {
-    "SnsFieldExtractionRule" = {
-      name             = "AwsObservabilitySNSLogsFER"
+    "SnsCloudTrailLogsFieldExtractionRule" = {
+      name             = "AwsObservabilitySNSCloudTrailLogsFER"
       scope            = "_sourcecategory=*cloudtrail* \"sns.amazonaws.com\""
       parse_expression = <<EOT
               | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop

From da2a9e9c310c85117eacf68f4e988b8e89198c8e Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Tue, 21 Jun 2022 13:13:20 +0530
Subject: [PATCH 42/82] ec2 cw EBS dashboard single value panel had multiple
 time series error.

---
 aws-observability/json/EC2-CW-Metrics-App.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability/json/EC2-CW-Metrics-App.json
index 14664d19..62906d0a 100644
--- a/aws-observability/json/EC2-CW-Metrics-App.json
+++ b/aws-observability/json/EC2-CW-Metrics-App.json
@@ -2742,7 +2742,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by account, region, namespace",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -2769,7 +2769,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by account, region, namespace",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",

From 9c566e3fb2156a0000a006a3afb8c52a84e39b3c Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Thu, 23 Jun 2022 18:57:22 +0530
Subject: [PATCH 43/82] Updating test suite README

---
 aws-observability-terraform/test/README.md    |  91 +++++++++++++
 .../test/appmodule/README.md                  | 115 ++++++----------
 .../test/sourcemodule/README.md               | 128 ++++++++----------
 3 files changed, 190 insertions(+), 144 deletions(-)
 create mode 100644 aws-observability-terraform/test/README.md

diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/README.md
new file mode 100644
index 00000000..e3d36293
--- /dev/null
+++ b/aws-observability-terraform/test/README.md
@@ -0,0 +1,91 @@
+# AWSO TF Test Automation
+
+## Pre-requisites
+
+- AWS cli configured
+- Git
+- Golang
+- Terraform
+- Sumo account (Preferably new) to run this test suite or any account which does not have conflicting resources with AWSO
+
+## App Module
+### How to run Test automation 
+1. Clone git repository
+2. Set variables at following file
+2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
+3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
+  go test -v -timeout 50m ./test/appmodule
+4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
+5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
+6. For example if you only run testcase 3 you can expect successful test execution as follows:
+
+### Success Criteria
+If all the test cases are passed successfully, then you can expect the below output. 
+
+### Failure Criteria
+If any of the test cases failed, then you can expect the below output. 
+### Limitations
+While running multiple test cases if any of the test cases failed then you need to do manual cleanup of the resources created. Alternatively you can go to folder aws-observability-terraform/examples/appmodule and run terraform destroy here manually to cleanup resources created.
+### How to Update Test Suite
+Codebase for App Module test cases is present at : aws-observability-terraform/test/appmodule
+1. If any resource is added / removed from the solution
+1.1 Modify the function validateSumoLogicResources at validateSumo.go
+1.2 Add / Remove the respective validation
+2. If New Sumo entity is added to AWSO Solution
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateSumo.go.
+2.1 validateSumoLogicAppsFolder
+2.2 validateSumoLogicFER
+2.3 validateSumoLogicField
+2.4 validateSumoLogicMetricRule
+2.5 validateSumoLogicMonitorsFolder
+2.6 validateSumoLogicHierarchy
+
+
+## Source Module
+### How to run Test automation 
+1. Clone git repository
+2. Set variables at following 2 files
+2.1 aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
+2.2 aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
+3. Provide Existing collectorID and S3 bucket at function TestSourceModule4 at
+3.1 aws-observability-terraform/test/sourcemodule/source_test.go
+4. Go to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
+4.1 go test -v -timeout 50m ./test/sourcemodule
+5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
+6. For example if you only run testcase 3 you can expect successful test execution as follows:
+
+### Success Criteria
+If all the test cases are passed successfully, then you can expect the below output. 
+
+### Failure Criteria
+If any of the test cases failed, then you can expect the below output. 
+
+### Limitations
+While running multiple test cases if any of the test cases failed then you need to do manual cleanup of the resources created. Alternatively you can go to following folders aws-observability-terraform/examples/appmodule and run terraform destroy on each of the following folders manually to cleanup resources created.
+ - aws-observability-terraform/examples/sourcemodule/testSource
+ - aws-observability-terraform/examples/sourcemodule/overrideSources
+
+### How to Update Test Suite
+Codebase for App Module test cases is present at : aws-observability-terraform/test/sourcemodule
+1. If any resource is added / removed from the solution
+1.1 Modify all the Test case functions at source_test.go . 
+1.2 Add / Remove the respective validation. E.g. If Classic LB gets deprecated from AWSO then followings things will have to be performed (wrt test framework only)
+   - Remove its sumo source validation.
+   - Remove validations for all the AWS resources created as a part of it such as SNS topic, SNS subscription, CF stack, etc.
+   - Similarly If any new service is added, write validations
+2. If New AWS entity is added to AWSO Solution
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateAWS.go.
+2.1 validateS3Bucket
+2.2 validateSNSTopic
+2.3 validateSNSsub
+2.4 validateIAMRole
+2.5 validateCloudTrail
+2.6 validateLambda
+2.7 validateCFStack
+2.8 validateKFstream
+2.9 validateCWmetricstream
+
+
+### Miscellaneous Links
+https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
+https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
\ No newline at end of file
diff --git a/aws-observability-terraform/test/appmodule/README.md b/aws-observability-terraform/test/appmodule/README.md
index ef28cb88..5b3643ce 100644
--- a/aws-observability-terraform/test/appmodule/README.md
+++ b/aws-observability-terraform/test/appmodule/README.md
@@ -1,72 +1,43 @@
-# Unit/Integration Tests for Sumo Logic SDO Terraform
-
-#### Unit Tests
-
-The unit tests verify/run following:
-1. `terraform` installation.
-2. `tflint` installation.
-3. Run `tflint`.
-4. Run `terraform init`. Make sure third party plugins are installed otherwise this will fail.
-5. Run `terraform validate`.
-6. Run `terraform fmt`.
-
-#### Running unit tests
-
-```shell
-cd test
-sh unit_tests.sh
-```
-
-#### Integration Tests
-
-[Terratest](https://terratest.gruntwork.io/) is being used for Integration testing of the Sumo Logic SDO Terraform scripts.
-
-Following objects are verified:
-
-1. Sumo Logic:
-
-    * Collector.
-    * Sources for each app i.e. Jira Server, Jira Cloud, Opsgenie, Bitbucket, Github and Pagerduty.
-    * App installation for Jira Cloud, Jira Server, Opsgenie, Bitbucket, Github and Pagerduty.
-    * Webhooks for Jira Cloud, Jira Server, Jira Service Desk, Opsgenie and Pagerduty.
-
-2. Atlassian
-
-    * Opsgenie Integration.
-
-3. Pagerduty
-
-    * Pagerduty Integration.
-
-
-#### Running integration tests
-
-
-1. Configure the execution options in `sumologic.auto.tfvars`, `atlassian.auto.tfvars`, `github.auto.tfvars`, `pagerduty.auto.tfvars` and `webhooks.auto-tfvars`.
-2. Configure your Sumo Logic Username by setting the environment variable:
-
-    * `SUMOLOGIC_USERNAME`, it should be the same user with which the access id is created.
-
-3. Install Terraform and make sure it's on your PATH.
-4. Install Golang and make sure it's on your PATH.
-5. Execute Tests
-
-    ```shell
-    cd test
-    dep ensure
-    go test -v -timeout 30m
-    ```
-6. The tests are divided into multiple stages:
-
-    * deploy
-    * validateSumoLogic
-    * validateAtlassian
-    * validatePagerduty
-    * cleanup
-
-    All the stages are executed by default. If you would like to skip a stage set the environment variables like `SKIP_deploy=true`.
-    This is very helpful for example if you are modifying the code and do not want to create/destroy resources with each test run.
-    To achieve this, for the first run you would set `SKIP_cleanup=true` and all other variables should be unset.
-    For the second run it would be `SKIP_cleanup=true` and `SKIP_deploy=true`.
-
-    Now, you can run tests without creating/destroying resources with each run. Once you are finished, unset `SKIP_cleanup` and run the tests to clean up the resources.
+## Pre-requisites
+
+- AWS cli configured
+- Git
+- Golang
+- Terraform
+- Sumo account (Preferably new) to run this test suite or any account which does not have conflicting resources with AWSO
+
+## App Module
+### How to run Test automation 
+1. Clone git repository
+2. Set variables at following file
+2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
+3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
+  go test -v -timeout 50m ./test/appmodule
+4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
+5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
+6. For example if you only run testcase 3 you can expect successful test execution as follows:
+
+### Success Criteria
+If all the test cases are passed successfully, then you can expect the below output. 
+
+### Failure Criteria
+If any of the test cases failed, then you can expect the below output. 
+### Limitations
+While running multiple test cases if any of the test cases failed then you need to do manual cleanup of the resources created. Alternatively you can go to folder aws-observability-terraform/examples/appmodule and run terraform destroy here manually to cleanup resources created.
+### How to Update Test Suite
+Codebase for App Module test cases is present at : aws-observability-terraform/test/appmodule
+1. If any resource is added / removed from the solution
+1.1 Modify the function validateSumoLogicResources at validateSumo.go
+1.2 Add / Remove the respective validation
+2. If New Sumo entity is added to AWSO Solution
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateSumo.go.
+2.1 validateSumoLogicAppsFolder
+2.2 validateSumoLogicFER
+2.3 validateSumoLogicField
+2.4 validateSumoLogicMetricRule
+2.5 validateSumoLogicMonitorsFolder
+2.6 validateSumoLogicHierarchy
+
+### Miscellaneous Links
+https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
+https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
\ No newline at end of file
diff --git a/aws-observability-terraform/test/sourcemodule/README.md b/aws-observability-terraform/test/sourcemodule/README.md
index ef28cb88..2db9d196 100644
--- a/aws-observability-terraform/test/sourcemodule/README.md
+++ b/aws-observability-terraform/test/sourcemodule/README.md
@@ -1,72 +1,56 @@
-# Unit/Integration Tests for Sumo Logic SDO Terraform
-
-#### Unit Tests
-
-The unit tests verify/run following:
-1. `terraform` installation.
-2. `tflint` installation.
-3. Run `tflint`.
-4. Run `terraform init`. Make sure third party plugins are installed otherwise this will fail.
-5. Run `terraform validate`.
-6. Run `terraform fmt`.
-
-#### Running unit tests
-
-```shell
-cd test
-sh unit_tests.sh
-```
-
-#### Integration Tests
-
-[Terratest](https://terratest.gruntwork.io/) is being used for Integration testing of the Sumo Logic SDO Terraform scripts.
-
-Following objects are verified:
-
-1. Sumo Logic:
-
-    * Collector.
-    * Sources for each app i.e. Jira Server, Jira Cloud, Opsgenie, Bitbucket, Github and Pagerduty.
-    * App installation for Jira Cloud, Jira Server, Opsgenie, Bitbucket, Github and Pagerduty.
-    * Webhooks for Jira Cloud, Jira Server, Jira Service Desk, Opsgenie and Pagerduty.
-
-2. Atlassian
-
-    * Opsgenie Integration.
-
-3. Pagerduty
-
-    * Pagerduty Integration.
-
-
-#### Running integration tests
-
-
-1. Configure the execution options in `sumologic.auto.tfvars`, `atlassian.auto.tfvars`, `github.auto.tfvars`, `pagerduty.auto.tfvars` and `webhooks.auto-tfvars`.
-2. Configure your Sumo Logic Username by setting the environment variable:
-
-    * `SUMOLOGIC_USERNAME`, it should be the same user with which the access id is created.
-
-3. Install Terraform and make sure it's on your PATH.
-4. Install Golang and make sure it's on your PATH.
-5. Execute Tests
-
-    ```shell
-    cd test
-    dep ensure
-    go test -v -timeout 30m
-    ```
-6. The tests are divided into multiple stages:
-
-    * deploy
-    * validateSumoLogic
-    * validateAtlassian
-    * validatePagerduty
-    * cleanup
-
-    All the stages are executed by default. If you would like to skip a stage set the environment variables like `SKIP_deploy=true`.
-    This is very helpful for example if you are modifying the code and do not want to create/destroy resources with each test run.
-    To achieve this, for the first run you would set `SKIP_cleanup=true` and all other variables should be unset.
-    For the second run it would be `SKIP_cleanup=true` and `SKIP_deploy=true`.
-
-    Now, you can run tests without creating/destroying resources with each run. Once you are finished, unset `SKIP_cleanup` and run the tests to clean up the resources.
+## Pre-requisites
+
+- AWS cli configured
+- Git
+- Golang
+- Terraform
+- Sumo account (Preferably new) to run this test suite or any account which does not have conflicting resources with AWSO
+
+## Source Module
+### How to run Test automation 
+1. Clone git repository
+2. Set variables at following 2 files
+2.1 aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
+2.2 aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
+3. Provide Existing collectorID and S3 bucket at function TestSourceModule4 at
+3.1 aws-observability-terraform/test/sourcemodule/source_test.go
+4. Go to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
+4.1 go test -v -timeout 50m ./test/sourcemodule
+5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
+6. For example if you only run testcase 3 you can expect successful test execution as follows:
+
+### Success Criteria
+If all the test cases are passed successfully, then you can expect the below output. 
+
+### Failure Criteria
+If any of the test cases failed, then you can expect the below output. 
+
+### Limitations
+While running multiple test cases if any of the test cases failed then you need to do manual cleanup of the resources created. Alternatively you can go to following folders aws-observability-terraform/examples/appmodule and run terraform destroy on each of the following folders manually to cleanup resources created.
+ - aws-observability-terraform/examples/sourcemodule/testSource
+ - aws-observability-terraform/examples/sourcemodule/overrideSources
+
+### How to Update Test Suite
+Codebase for App Module test cases is present at : aws-observability-terraform/test/sourcemodule
+1. If any resource is added / removed from the solution
+1.1 Modify all the Test case functions at source_test.go . 
+1.2 Add / Remove the respective validation. E.g. If Classic LB gets deprecated from AWSO then followings things will have to be performed (wrt test framework only)
+   - Remove its sumo source validation.
+   - Remove validations for all the AWS resources created as a part of it such as SNS topic, SNS subscription, CF stack, etc.
+   - Similarly If any new service is added, write validations
+2. If New AWS entity is added to AWSO Solution
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateAWS.go.
+2.1 validateS3Bucket
+2.2 validateSNSTopic
+2.3 validateSNSsub
+2.4 validateIAMRole
+2.5 validateCloudTrail
+2.6 validateLambda
+2.7 validateCFStack
+2.8 validateKFstream
+2.9 validateCWmetricstream
+
+
+### Miscellaneous Links
+https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
+https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
\ No newline at end of file

From 76b3bcd0514ae91149cfb630987ad3408cd41698 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Thu, 23 Jun 2022 19:02:46 +0530
Subject: [PATCH 44/82] formatting test suite READMEs

---
 aws-observability-terraform/test/README.md              | 4 ++--
 aws-observability-terraform/test/appmodule/README.md    | 2 +-
 aws-observability-terraform/test/sourcemodule/README.md | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/README.md
index e3d36293..fbffded9 100644
--- a/aws-observability-terraform/test/README.md
+++ b/aws-observability-terraform/test/README.md
@@ -14,7 +14,7 @@
 2. Set variables at following file
 2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
 3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
-  go test -v -timeout 50m ./test/appmodule
+```go test -v -timeout 50m ./test/appmodule```
 4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
 5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
 6. For example if you only run testcase 3 you can expect successful test execution as follows:
@@ -50,7 +50,7 @@ Currently we have validations for following entities, If apart from them any new
 3. Provide Existing collectorID and S3 bucket at function TestSourceModule4 at
 3.1 aws-observability-terraform/test/sourcemodule/source_test.go
 4. Go to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
-4.1 go test -v -timeout 50m ./test/sourcemodule
+```go test -v -timeout 50m ./test/sourcemodule```
 5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
 6. For example if you only run testcase 3 you can expect successful test execution as follows:
 
diff --git a/aws-observability-terraform/test/appmodule/README.md b/aws-observability-terraform/test/appmodule/README.md
index 5b3643ce..7cd944e2 100644
--- a/aws-observability-terraform/test/appmodule/README.md
+++ b/aws-observability-terraform/test/appmodule/README.md
@@ -12,7 +12,7 @@
 2. Set variables at following file
 2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
 3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
-  go test -v -timeout 50m ./test/appmodule
+```go test -v -timeout 50m ./test/appmodule```
 4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
 5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
 6. For example if you only run testcase 3 you can expect successful test execution as follows:
diff --git a/aws-observability-terraform/test/sourcemodule/README.md b/aws-observability-terraform/test/sourcemodule/README.md
index 2db9d196..25bb74f1 100644
--- a/aws-observability-terraform/test/sourcemodule/README.md
+++ b/aws-observability-terraform/test/sourcemodule/README.md
@@ -15,7 +15,7 @@
 3. Provide Existing collectorID and S3 bucket at function TestSourceModule4 at
 3.1 aws-observability-terraform/test/sourcemodule/source_test.go
 4. Go to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
-4.1 go test -v -timeout 50m ./test/sourcemodule
+```go test -v -timeout 50m ./test/sourcemodule```
 5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
 6. For example if you only run testcase 3 you can expect successful test execution as follows:
 

From eccdca78ac77d373112d4a9f166cc2c6644abb19 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 23 Jun 2022 19:06:06 +0530
Subject: [PATCH 45/82] Update README.md

---
 aws-observability-terraform/test/appmodule/README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/aws-observability-terraform/test/appmodule/README.md b/aws-observability-terraform/test/appmodule/README.md
index 7cd944e2..8a68ac62 100644
--- a/aws-observability-terraform/test/appmodule/README.md
+++ b/aws-observability-terraform/test/appmodule/README.md
@@ -13,9 +13,9 @@
 2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
 3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
 ```go test -v -timeout 50m ./test/appmodule```
-4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
-5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
-6. For example if you only run testcase 3 you can expect successful test execution as follows:
+5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
+6. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
+7. For example if you only run testcase 3 you can expect successful test execution as follows:
 
 ### Success Criteria
 If all the test cases are passed successfully, then you can expect the below output. 
@@ -40,4 +40,4 @@ Currently we have validations for following entities, If apart from them any new
 
 ### Miscellaneous Links
 https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
-https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
\ No newline at end of file
+https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing

From 8710ae6f8c6f3485d22793359afff8131a5b357d Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 23 Jun 2022 19:17:29 +0530
Subject: [PATCH 46/82] Update README.md

---
 aws-observability-terraform/test/README.md | 64 +++++++++++-----------
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/README.md
index fbffded9..89d16f67 100644
--- a/aws-observability-terraform/test/README.md
+++ b/aws-observability-terraform/test/README.md
@@ -12,8 +12,8 @@
 ### How to run Test automation 
 1. Clone git repository
 2. Set variables at following file
-2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
-3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
+   - aws-observability-terraform/examples/appmodule/main.auto.tfvars
+3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test*
 ```go test -v -timeout 50m ./test/appmodule```
 4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
 5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
@@ -27,28 +27,28 @@ If any of the test cases failed, then you can expect the below output.
 ### Limitations
 While running multiple test cases if any of the test cases failed then you need to do manual cleanup of the resources created. Alternatively you can go to folder aws-observability-terraform/examples/appmodule and run terraform destroy here manually to cleanup resources created.
 ### How to Update Test Suite
-Codebase for App Module test cases is present at : aws-observability-terraform/test/appmodule
+Codebase for App Module test cases is present at : ```aws-observability-terraform/test/appmodule```
 1. If any resource is added / removed from the solution
-1.1 Modify the function validateSumoLogicResources at validateSumo.go
-1.2 Add / Remove the respective validation
+   - Modify the function validateSumoLogicResources at ```validateSumo.go```
+   - Add / Remove the respective validation
 2. If New Sumo entity is added to AWSO Solution
-Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateSumo.go.
-2.1 validateSumoLogicAppsFolder
-2.2 validateSumoLogicFER
-2.3 validateSumoLogicField
-2.4 validateSumoLogicMetricRule
-2.5 validateSumoLogicMonitorsFolder
-2.6 validateSumoLogicHierarchy
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at ```validateSumo.go.```
+   - validateSumoLogicAppsFolder
+   - validateSumoLogicFER
+   - validateSumoLogicField
+   - validateSumoLogicMetricRule
+   - validateSumoLogicMonitorsFolder
+   - validateSumoLogicHierarchy
 
 
 ## Source Module
 ### How to run Test automation 
 1. Clone git repository
 2. Set variables at following 2 files
-2.1 aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
-2.2 aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
+   - aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
+   - aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
 3. Provide Existing collectorID and S3 bucket at function TestSourceModule4 at
-3.1 aws-observability-terraform/test/sourcemodule/source_test.go
+   - aws-observability-terraform/test/sourcemodule/source_test.go
 4. Go to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
 ```go test -v -timeout 50m ./test/sourcemodule```
 5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
@@ -66,26 +66,26 @@ While running multiple test cases if any of the test cases failed then you need
  - aws-observability-terraform/examples/sourcemodule/overrideSources
 
 ### How to Update Test Suite
-Codebase for App Module test cases is present at : aws-observability-terraform/test/sourcemodule
+Codebase for App Module test cases is present at : ```aws-observability-terraform/test/sourcemodule```
 1. If any resource is added / removed from the solution
-1.1 Modify all the Test case functions at source_test.go . 
-1.2 Add / Remove the respective validation. E.g. If Classic LB gets deprecated from AWSO then followings things will have to be performed (wrt test framework only)
-   - Remove its sumo source validation.
-   - Remove validations for all the AWS resources created as a part of it such as SNS topic, SNS subscription, CF stack, etc.
-   - Similarly If any new service is added, write validations
+   - Modify all the Test case functions at ```source_test.go``` . 
+   - Add / Remove the respective validation. E.g. If Classic LB gets deprecated from AWSO then followings things will have to be performed (wrt test framework only)
+     - Remove its sumo source validation.
+     - Remove validations for all the AWS resources created as a part of it such as SNS topic, SNS subscription, CF stack, etc.
+     - Similarly If any new service is added, write validations
 2. If New AWS entity is added to AWSO Solution
-Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateAWS.go.
-2.1 validateS3Bucket
-2.2 validateSNSTopic
-2.3 validateSNSsub
-2.4 validateIAMRole
-2.5 validateCloudTrail
-2.6 validateLambda
-2.7 validateCFStack
-2.8 validateKFstream
-2.9 validateCWmetricstream
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at ```validateAWS.go```.
+   - validateS3Bucket
+   - validateSNSTopic
+   - validateSNSsub
+   - validateIAMRole
+   - validateCloudTrail
+   - validateLambda
+   - validateCFStack
+   - validateKFstream
+   - validateCWmetricstream
 
 
 ### Miscellaneous Links
 https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
-https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
\ No newline at end of file
+https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing

From 93ae80c2fec688d757cbf568a205d7b8c42c34ae Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 23 Jun 2022 19:18:24 +0530
Subject: [PATCH 47/82] Update README.md

---
 .../test/appmodule/README.md                  | 33 ++++++++++---------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/aws-observability-terraform/test/appmodule/README.md b/aws-observability-terraform/test/appmodule/README.md
index 8a68ac62..a346a814 100644
--- a/aws-observability-terraform/test/appmodule/README.md
+++ b/aws-observability-terraform/test/appmodule/README.md
@@ -1,3 +1,5 @@
+# AWSO TF App Module Test Automation
+
 ## Pre-requisites
 
 - AWS cli configured
@@ -10,12 +12,12 @@
 ### How to run Test automation 
 1. Clone git repository
 2. Set variables at following file
-2.1 aws-observability-terraform/examples/appmodule/main.auto.tfvars
-3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
+   - aws-observability-terraform/examples/appmodule/main.auto.tfvars
+3. Now Go back to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test*
 ```go test -v -timeout 50m ./test/appmodule```
-5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
-6. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
-7. For example if you only run testcase 3 you can expect successful test execution as follows:
+4. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
+5. In case of failure - you can determine the cause of failure, fix the issue and re-run the failed test case.
+6. For example if you only run testcase 3 you can expect successful test execution as follows:
 
 ### Success Criteria
 If all the test cases are passed successfully, then you can expect the below output. 
@@ -25,18 +27,19 @@ If any of the test cases failed, then you can expect the below output.
 ### Limitations
 While running multiple test cases if any of the test cases failed then you need to do manual cleanup of the resources created. Alternatively you can go to folder aws-observability-terraform/examples/appmodule and run terraform destroy here manually to cleanup resources created.
 ### How to Update Test Suite
-Codebase for App Module test cases is present at : aws-observability-terraform/test/appmodule
+Codebase for App Module test cases is present at : ```aws-observability-terraform/test/appmodule```
 1. If any resource is added / removed from the solution
-1.1 Modify the function validateSumoLogicResources at validateSumo.go
-1.2 Add / Remove the respective validation
+   - Modify the function validateSumoLogicResources at ```validateSumo.go```
+   - Add / Remove the respective validation
 2. If New Sumo entity is added to AWSO Solution
-Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateSumo.go.
-2.1 validateSumoLogicAppsFolder
-2.2 validateSumoLogicFER
-2.3 validateSumoLogicField
-2.4 validateSumoLogicMetricRule
-2.5 validateSumoLogicMonitorsFolder
-2.6 validateSumoLogicHierarchy
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at ```validateSumo.go.```
+   - validateSumoLogicAppsFolder
+   - validateSumoLogicFER
+   - validateSumoLogicField
+   - validateSumoLogicMetricRule
+   - validateSumoLogicMonitorsFolder
+   - validateSumoLogicHierarchy
+
 
 ### Miscellaneous Links
 https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618

From a33f3ba3b77f8ea28a8b209bc2dd1be9b7daf15c Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 23 Jun 2022 19:19:01 +0530
Subject: [PATCH 48/82] Update README.md

---
 .../test/sourcemodule/README.md               | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/aws-observability-terraform/test/sourcemodule/README.md b/aws-observability-terraform/test/sourcemodule/README.md
index 25bb74f1..2bc8955f 100644
--- a/aws-observability-terraform/test/sourcemodule/README.md
+++ b/aws-observability-terraform/test/sourcemodule/README.md
@@ -1,3 +1,5 @@
+# AWSO TF Source Module Test Automation
+
 ## Pre-requisites
 
 - AWS cli configured
@@ -10,10 +12,10 @@
 ### How to run Test automation 
 1. Clone git repository
 2. Set variables at following 2 files
-2.1 aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
-2.2 aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
+   - aws-observability-terraform/examples/sourcemodule/testSource/main.auto.tfvars
+   - aws-observability-terraform/examples/sourcemodule/overrideSources/main.auto.tfvars
 3. Provide Existing collectorID and S3 bucket at function TestSourceModule4 at
-3.1 aws-observability-terraform/test/sourcemodule/source_test.go
+   - aws-observability-terraform/test/sourcemodule/source_test.go
 4. Go to folder aws-observability-terraform and run following command to execute all Test functions, with function name pattern as Test* 
 ```go test -v -timeout 50m ./test/sourcemodule```
 5. Go test command runs all functions starting with name Test*. So if you want to run a particular test case according to your use case, comment the rest of the Testing functions. It’ll take less time to run than running all test cases.
@@ -31,26 +33,26 @@ While running multiple test cases if any of the test cases failed then you need
  - aws-observability-terraform/examples/sourcemodule/overrideSources
 
 ### How to Update Test Suite
-Codebase for App Module test cases is present at : aws-observability-terraform/test/sourcemodule
+Codebase for App Module test cases is present at : ```aws-observability-terraform/test/sourcemodule```
 1. If any resource is added / removed from the solution
-1.1 Modify all the Test case functions at source_test.go . 
-1.2 Add / Remove the respective validation. E.g. If Classic LB gets deprecated from AWSO then followings things will have to be performed (wrt test framework only)
-   - Remove its sumo source validation.
-   - Remove validations for all the AWS resources created as a part of it such as SNS topic, SNS subscription, CF stack, etc.
-   - Similarly If any new service is added, write validations
+   - Modify all the Test case functions at ```source_test.go``` . 
+   - Add / Remove the respective validation. E.g. If Classic LB gets deprecated from AWSO then followings things will have to be performed (wrt test framework only)
+     - Remove its sumo source validation.
+     - Remove validations for all the AWS resources created as a part of it such as SNS topic, SNS subscription, CF stack, etc.
+     - Similarly If any new service is added, write validations
 2. If New AWS entity is added to AWSO Solution
-Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at validateAWS.go.
-2.1 validateS3Bucket
-2.2 validateSNSTopic
-2.3 validateSNSsub
-2.4 validateIAMRole
-2.5 validateCloudTrail
-2.6 validateLambda
-2.7 validateCFStack
-2.8 validateKFstream
-2.9 validateCWmetricstream
+Currently we have validations for following entities, If apart from them any new entity is added please add its validation on similar lines at ```validateAWS.go```.
+   - validateS3Bucket
+   - validateSNSTopic
+   - validateSNSsub
+   - validateIAMRole
+   - validateCloudTrail
+   - validateLambda
+   - validateCFStack
+   - validateKFstream
+   - validateCWmetricstream
 
 
 ### Miscellaneous Links
 https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
-https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
\ No newline at end of file
+https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing

From 974ab35041ea6a2f643f4af0489755675c33239f Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Fri, 24 Jun 2022 13:57:58 +0530
Subject: [PATCH 49/82] Lambda App optimization

---
 aws-observability/json/Lambda-App.json | 593 ++++++++++++++++++-------
 1 file changed, 434 insertions(+), 159 deletions(-)

diff --git a/aws-observability/json/Lambda-App.json b/aws-observability/json/Lambda-App.json
index 7ca3d211..05ad87bb 100644
--- a/aws-observability/json/Lambda-App.json
+++ b/aws-observability/json/Lambda-App.json
@@ -1,14 +1,13 @@
 {
     "type": "FolderSyncDefinition",
     "name": "AWS Lambda",
-    "description": "The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Metrics and the CloudTrail Lambda Data Events to visualize the operational and performance trends in all the Lambda functions in your account. The preconfigured dashboards provide insights into executions such as memory and duration usage by function versions or aliases, errors, billed duration, function callers, IAM users, and threat details.",
+    "description": "The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Metrics and the CloudTrail Lambda Data Events to visualize the operational and performance trends in all the Lambda functions in your account. The preconfigured dashboards provide insights into executions, memory and duration usage by function versions or aliases, errors, billed duration, function callers, IAM users, and threat details.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
             "name": "1. AWS Lambda - Overview",
             "description": "The AWS Lambda - Overview dashboard provides intuitive insights with CloudWatch Lambda metrics, CloudTrail audit logs for Lambda, as well as  Lambda logs to give you an at-a-glance view of actions, performance, and health of your AWS Lambda functions.",
             "title": "1. AWS Lambda - Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -146,14 +145,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" IAMUser account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Invocations by caller\n| top 10 caller by Invocations",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -170,34 +172,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift -1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift -7d ",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -214,34 +225,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -258,34 +278,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Duration statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Duration statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Duration statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -302,34 +331,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Throttles statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Throttles statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Throttles statistic=average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -346,14 +384,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| sum(Duration) as %\"Total Duration\", avg(Duration) as %\"Avg Duration\", count as Invocations by functionname\n| top 10 functionname by %\"Avg Duration\", %\"Total Duration\", Invocations\n| format( \"%.2f\",%\"Avg Duration\") as %\"Avg Duration\"\n| format( \"%.2f\",%\"Total Duration\") as %\"Total Duration\"",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -370,14 +411,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used Size\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| max(MaxMemoryUsed) as MaxMemoryUsed, avg(MemorySize) as AvgMemorySize by functionname\n| top 10 functionname by MaxMemoryUsed, functionname asc, AvgMemorySize",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -394,14 +438,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "(errorMessage or ERROR or CRITICAL) account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as eventCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -418,14 +465,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(MemorySize) as MemorySizeAvg, avg(MaxMemoryUsed) as MaxMemoryUsedAvg by functionname\n| (MemorySizeAvg - MaxMemoryUsedAvg) as RemainingMemory\n| RemainingMemory/MemorySizeAvg as wastageRatio\n| top 5 functionname by wastageRatio, RemainingMemory, MaxMemoryUsedAvg\n| fields -wastageRatio",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -460,14 +510,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Invocations by caller\n| top 10 caller by Invocations",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -484,14 +537,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "(errorMessage or ERROR or CRITICAL) account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as num_errors by errorMessage, functionname\n| top 30 errorMessage, functionname by num_errors desc, errorMessage asc, functionname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -508,24 +564,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrencyInvocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -542,14 +604,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrentExecutions statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The number of events that are being processed on provisioned concurrency. For each invocation of an alias or version with provisioned concurrency, Lambda emits the current count.",
@@ -566,14 +631,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrencyUtilization statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The number of events that are being processed on provisioned concurrency, divided by the total amount of provisioned concurrency allocated. For example, .5 indicates that 50 percent of allocated provisioned concurrency is in use. For each invocation of an alias or version with provisioned concurrency, Lambda emits the current count.",
@@ -590,14 +658,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ProvisionedConcurrencySpilloverInvocations statistic=Maximum account={{account}} region={{region}} functionname={{functionname}} Resource=* | max by account, region, namespace",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "The number of invocations that are run on nonprovisioned concurrency, when all provisioned concurrency is in use. For a version or alias that is configured to use provisioned concurrency, Lambda increments the count once for each invocation that runs on non-provisioned concurrency.",
@@ -614,14 +685,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -638,14 +712,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (!isEmpty(errorMessage), 1, 0) as haserror\n| if (!isEmpty(errorMessage), 0, 1) as noerror\n| sum(haserror) as failures, sum(noerror) as successes by functionname\n| top 10 functionname by failures, successes",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -662,14 +739,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count by functionname, version\n| transpose row functionname column version",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -704,14 +784,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} eventName\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as count by functionname, event_name | sort by count, functionname, event_name | limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -728,14 +811,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}  \"init duration\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=message  \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\" as reqId, duration, bill_duration, mem_total, mem_used, initDur \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(initDur) as initDuration by functionname\n| sort by initDuration,functionname\n| limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -778,11 +864,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -813,7 +899,6 @@
             "name": "1. AWS Lambda - Request Analysis",
             "description": "The AWS Lambda - Request Analysis dashboard provides deeper insights into the invocations and performance of your AWS Lambda functions.",
             "title": "1. AWS Lambda - Request Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -915,34 +1000,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}  \"init duration\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=message  \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\" as reqId, duration, bill_duration, mem_total, mem_used, initDur \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 5m \n| count by functionname, _timeslice\n| fillmissing timeslice (5m) in _timeslice, values all in functionname\n| transpose row _timeslice column functionname",
                             "queryType": "Logs",
                             "queryKey": "C",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -959,14 +1053,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as events by src_ip\n| top 10 src_ip by events, src_ip asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -983,14 +1080,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as invocations by function_version\n| top 10 function_version by invocations, function_version asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1007,14 +1107,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" (\"\\\"eventName\\\":\\\"Invoke\\\"\" OR \"\\\"eventName\\\":\\\"AssumedRole\\\"\") account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name in (\"Invoke\", \"AssumedRole\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count as InvokeFrequency by function_version, _timeslice\n| transpose row _timeslice column function_version",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1031,14 +1134,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as activities by caller_type, caller\n| top 10 caller_type, caller  by activities, caller_type asc, caller",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1055,14 +1161,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId2>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId2>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| json \"requestID\", \"record.requestId\" as RequestId3, RequestId4 nodrop\n| if (isEmpty(RequestId), RequestId2, RequestId) as RequestId | if (isEmpty(RequestId), RequestId3, RequestId) as RequestId | if (isEmpty(RequestId), RequestId4, RequestId) as RequestId\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (isEmpty(errorMessage), \"Success\", \"Failure\") as eventStatus\n| count as frequency by functionname, version, eventStatus, requestId\n| sort by functionname asc\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1079,14 +1188,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as frequency by functionname, function_version, caller, caller_type, src_ip, Region\n| sort by frequency, functionname, function_version, caller, caller_type, src_ip, Region\n| limit 30 | fields -frequency",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1103,14 +1215,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count as events by version\n| sort by events, version asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1127,14 +1242,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress \n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and !(src_ip matches \"*.amazonaws.com\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, event_name\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress \n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and !(src_ip matches \"*.amazonaws.com\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, event_name\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1169,14 +1287,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (isEmpty(errorMessage), \"Success\", \"Failure\") as eventStatus\n| timeslice 15m\n| count as eventCount by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1193,14 +1314,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count by functionname, version\n| transpose row version column functionname",
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count by functionname, version\n| transpose row version column functionname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1217,14 +1341,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| if (isEmpty(errorMessage), \"Success\", \"Failure\") as eventStatus\n| count as eventCount by eventStatus\n| sort by eventCount, eventStatus asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1241,24 +1368,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 15m\n| sum(Duration) as Duration by functionname, _timeslice\n| transpose row _timeslice column functionname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}}  \"init duration\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=message  \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\" as reqId, duration, bill_duration, mem_total, mem_used, initDur \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 5m\n| avg(initDur) as initDuration by functionname, _timeslice\n| transpose row _timeslice column functionname",
                             "queryType": "Logs",
                             "queryKey": "B",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1301,11 +1434,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1336,7 +1469,6 @@
             "name": "2. AWS Lambda - Usage Analysis",
             "description": "AWS Lambda - Usage Analysis dashboard provides insights into function usage by AWS services, user agents, and IAM users.",
             "title": "2. AWS Lambda - Usage Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1410,14 +1542,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"IAMUser\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop\n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count by caller, _timeslice\n| transpose row _timeslice column caller ",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1434,14 +1569,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"IAMUser\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Frequency by caller\n| top 10 caller by Frequency",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1458,14 +1596,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"IAMUser\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"IAMUser\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as today by caller \n| compare with timeshift 1d as yesterday\n| sort by today\n| today_yesterday as yesterday\n| fields -today_yesterday",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1482,14 +1623,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop\n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count by caller, _timeslice\n| transpose row _timeslice column caller",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1506,14 +1650,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \n\"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as today by caller\n| compare with timeshift 1d as yesterday\n| sort by today\n| today_yesterday as yesterday\n| fields -today_yesterday",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1530,14 +1677,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" \"\\\"type\\\":\\\"AWSService\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\" and caller_type = \"AWSService\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Frequency by caller\n| top 10 caller by Frequency",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1554,14 +1704,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} userAgent\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\"\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as Frequency by user_agent\n| top 10 user_agent by Frequency, user_agent asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1578,14 +1731,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} userAgent\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where event_name = \"Invoke\"\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as today by user_agent\n| compare with timeshift 1d as yesterday\n| today_yesterday as yesterday\n| sort by today, yesterday\n| fields -today_yesterday\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1628,11 +1784,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -1663,7 +1819,6 @@
             "name": "3. AWS Lambda - Error Analysis",
             "description": "The AWS Lambda - Error Analysis dashboard provides insights on errors and warnings in your AWS Lambda functions.",
             "title": "3. AWS Lambda - Error Analysis",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1697,10 +1852,6 @@
                         "key": "panelpane-a12e5afa999cfa4e",
                         "structure": "{\"height\":7,\"width\":4,\"x\":0,\"y\":1}"
                     },
-                    {
-                        "key": "panelpane-9b125784bf09f843",
-                        "structure": "{\"height\":7,\"width\":14,\"x\":10,\"y\":1}"
-                    },
                     {
                         "key": "panelpane-94e9b41a9d04284b",
                         "structure": "{\"height\":6,\"width\":10,\"x\":4,\"y\":16}"
@@ -1748,6 +1899,10 @@
                     {
                         "key": "panelPANE-2436227CAC35E940",
                         "structure": "{\"height\":7,\"width\":14,\"x\":10,\"y\":8}"
+                    },
+                    {
+                        "key": "panel1070F643BB5CF946",
+                        "structure": "{\"height\":7,\"width\":14,\"x\":10,\"y\":1,\"minHeight\":3,\"minWidth\":3}"
                     }
                 ]
             },
@@ -1761,38 +1916,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as eventCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelpane-9b125784bf09f843",
-                    "title": "Top Error Messages",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as Frequency by errorMessage, functionname, version\n| top 30 errorMessage, functionname, version by Frequency desc, errorMessage asc, functionname asc, version asc",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1809,24 +1943,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "Namespace={{namespace}} metric=Errors Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by functionname, namespace, region, account",
+                            "transient": false,
+                            "queryString": "Namespace={{namespace}} metric=Errors Statistic=sum   account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
-                            "queryString": "Namespace={{namespace}} metric=Errors Statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
+                            "transient": false,
+                            "queryString": "Namespace={{namespace}} metric=Errors Statistic=sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1843,24 +1983,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=IteratorAge Statistic=Maximum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=IteratorAge Statistic=Maximum account={{account}} region={{region}} functionname=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1877,24 +2023,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "Namespace={{namespace}} metric=Throttles Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | Sum by functionname, namespace, region, account",
+                            "transient": false,
+                            "queryString": "Namespace={{namespace}} metric=Throttles Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Throttles Statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1906,29 +2058,35 @@
                     "id": null,
                     "key": "panelpane-fd692661bfea5a47",
                     "title": "Dead Letter Errors - Trend",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Error Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}}]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":\"0\",\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":\"3\"},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Error Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}}],\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "Namespace={{namespace}} metric=DeadLetterErrors Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by functionname, namespace, region, account",
+                            "transient": false,
+                            "queryString": "Namespace={{namespace}} metric=DeadLetterErrors Statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=DeadLetterErrors Statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg ",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1945,14 +2103,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count by version\n| sort by _count, version asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -1987,14 +2148,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Throttles Statistic=sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2011,14 +2175,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace={{namespace}} metric=Errors statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2035,14 +2202,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} WARNING\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname \n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL|WARNING):(?<warningMessage>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\s(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL|WARNING) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<warningMessage>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| where !isEmpty(warningMessage)\n| count as eventCount",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2059,14 +2229,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} WARNING\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL|WARNING):(?<warningMessage>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\s(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL|WARNING) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<warningMessage>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| where !isEmpty(warningMessage)\n| count by version\n| sort by _count, version asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2083,14 +2256,44 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} WARNING\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL|WARNING):(?<warningMessage>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\s(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL|WARNING)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<warningMessage>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL|WARNING) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<warningMessage>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| where !isEmpty(warningMessage)\n| count as Frequency by warningMessage, functionname, version\n| top 30 warningMessage, functionname, version by Frequency desc, warningMessage asc, functionname asc, version asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1070F643BB5CF946",
+                    "title": "Top Error Messages",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "(errorMessage or ERROR or CRITICAL or \"Task timed out\") account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorObj>.*)\" nodrop | json field=errorObj \"errorMessage\" nodrop\n| parse regex field=message \"^(?<time>\\d+\\/\\d+\\/\\d+\\s+\\d+:\\d+:\\d+):(?<logLevel>ERROR|CRITICAL):(?<errorMsg>.*)\" nodrop \n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\s(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^\\[(?<logLevel>ERROR|CRITICAL)]\\t(?<time>\\d[^\\t]*)\\t(?<RequestId>[^\\t]*)\\t(?<errorMsg>.*)\" nodrop\n| parse regex field=message \"^(?<logLevel>ERROR|CRITICAL) \\| (?<time>.*) \\| (?<thread>.*) \\| (?<component>.*) \\| (?<errorMsg>.*)\" nodrop\n| parse regex field=message \"(?<errorMsg>.*HTTPError.*)\" nodrop\n| parse regex field=message \"^(?<errorMsg>Task timed out after .*)\" nodrop\n| if (isEmpty(errorMessage), errorMsg, errorMessage) as errorMessage\n| where !isEmpty(errorMessage)\n| count as Frequency by errorMessage, functionname, version\n| top 30 errorMessage, functionname, version by Frequency desc, errorMessage asc, functionname asc, version asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2133,11 +2336,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2168,7 +2371,6 @@
             "name": "4. AWS Lambda - Resource Usage",
             "description": "AWS Lambda - Resource Usage dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, and compute usage.",
             "title": "4. AWS Lambda - Resource Usage",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2258,14 +2460,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 15m\n| sum(MaxMemoryUsed) as MaxMemoryUsedSum by functionname, _timeslice\n| transpose row _timeslice column functionname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2282,14 +2487,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| sum(Duration) as TotalDuration, avg(Duration) as AvgDuration, min(Duration) as MinDuration, max(Duration) as MaxDuration by functionname\n| sort by TotalDuration, functionname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2306,14 +2514,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory Used Size\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| count as Frequency by functionname, RequestId, Duration, BilledDuration, MemorySize, MaxMemoryUsed, _messagetime \n| sort by _messagetime | limit 20\n| formatDate(_messagetime, \"yyyy/MM/dd HH:mm:ss Z\") as time\n| fields -Frequency\n| fields -_messagetime\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2330,14 +2541,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate, version, logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| sum(MaxMemoryUsed) as MemoryUsed by functionname\n| sort by MemoryUsed, functionname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2354,14 +2568,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(BilledDuration) as BilledDurationAvg, avg(Duration) as AvgDuration by functionname\n| BilledDurationAvg-AvgDuration as BilledUnusedDuration\n| BilledUnusedDuration/BilledDurationAvg as wastageRatio\n| top 5 functionname by wastageRatio, BilledUnusedDuration, AvgDuration\n| fields -wastageRatio",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2378,14 +2595,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| avg(MemorySize) as MemorySizeAvg, avg(MaxMemoryUsed) as MaxMemoryUsedAvg by functionname\n| (MemorySizeAvg-MaxMemoryUsedAvg) as AvgUnusedAllocatedMemory\n| AvgUnusedAllocatedMemory/MemorySizeAvg as wastageRatio\n| top 5 functionname by wastageRatio, AvgUnusedAllocatedMemory, MaxMemoryUsedAvg\n| fields -wastageRatio",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2402,14 +2622,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n// AWS Billing Calculation\n| BilledDuration/1000 as BillDurationSeconds\n| MemorySize/1024 as MemorySizeGB\n| BillDurationSeconds * MemorySizeGB as ComputeUsage\n| sum(ComputeUsage) as ComputeUsage by functionname\n| sort by ComputeUsage, functionname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2426,14 +2649,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 15m\n// AWS Billing Calculation\n| BilledDuration/1000 as BillDurationSeconds\n| MemorySize/1024 as MemorySizeGB\n| BillDurationSeconds * MemorySizeGB as ComputeUsage\n| sum(ComputeUsage) as ComputeUsage by functionname, _timeslice\n| transpose row _timeslice column functionname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2512,11 +2738,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2547,7 +2773,6 @@
             "name": "5. AWS Lambda - Performance Trends",
             "description": "AWS Lambda - Performance Trends dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage.",
             "title": "5. AWS Lambda - Performance Trends",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2629,24 +2854,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Duration Statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=Duration Statistic=Average account={{account}} region={{region}} functionname=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2681,34 +2912,43 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=UnreservedConcurrentExecutions Statistic=Average account={{account}} region={{region}} | avg by namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=UnreservedConcurrentExecutions Statistic=Average account={{account}} region={{region}} | avg by namespace, region, account | timeshift -1d",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=UnreservedConcurrentExecutions Statistic=Average account={{account}} region={{region}} | avg by namespace, region, account | timeshift -7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2725,24 +2965,30 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ConcurrentExecutions Statistic=Average account={{account}} region={{region}} functionname={{functionname}} Resource=* | sum by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         },
                         {
+                            "transient": false,
                             "queryString": "Namespace={{namespace}} metric=ConcurrentExecutions Statistic=Average account={{account}} region={{region}} functionname=* |  sum",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2768,14 +3014,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n| sum(MemorySize) as MemorySize, sum(MaxMemoryUsed) as MaxMemoryUsed by _timeslice\n| MemorySize - MaxMemoryUsed as UnusedMemory\n| predict UnusedMemory by 10m model=ar, forecast=18\n| fields - MaxMemoryUsed, MemorySize, UnusedMemory_error, UnusedMemory_linear",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2792,14 +3041,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Memory Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n| sum(MaxMemoryUsed) as MaxMemoryUsed by _timeslice\n| predict MaxMemoryUsed by 10m model=ar, forecast=18\n| fields - MaxMemoryUsed_error, MaxMemoryUsed_linear",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2816,14 +3068,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration Memory Size\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n// AWS Billing Calculation\n| BilledDuration/1000 as BillDurationSeconds\n| MemorySize/1024 as MemorySizeGB\n| BillDurationSeconds * MemorySizeGB as ComputeUsage\n| sum(ComputeUsage) as ComputeUsage by _timeslice\n| predict ComputeUsage by 10m model=ar, forecast=18\n| fields - ComputeUsage_linear, ComputeUsage_error",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2840,14 +3095,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} region={{region}} Namespace={{namespace}} Duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?<RequestId>[^\\s]+)\\s+Duration:\\s+(?<Duration>[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?<BilledDuration>[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?<MemorySize>[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?<MaxMemoryUsed>[^\\s]+)\\s+MB\" \n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionName\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 10m\n| sum(BilledDuration) as BilledDuration by _timeslice\n| predict BilledDuration by 10m model=ar, forecast=18\n| fields - BilledDuration_error, BilledDuration_linear",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
                         }
                     ],
                     "description": "",
@@ -2890,11 +3148,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,
@@ -2925,7 +3183,6 @@
             "name": "6. AWS Lambda - Threat Intel",
             "description": "AWS Lambda - Threat Intel dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic’s Threat Intel feature. Panels show detailed information on malicious IPs and the malicious confidence of each threat.",
             "title": "6. AWS Lambda - Threat Intel",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -2991,14 +3248,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum(ip_count) as threat_count",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum(ip_count) as threat_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3015,14 +3275,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, functionName, caller, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, functionName, caller, user_agent, type, actor, malicious_confidence",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as count by src_ip, functionName, caller, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by count\n| fields src_ip, functionName, caller, user_agent, type, actor, malicious_confidence",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3039,14 +3302,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by src_ip, malicious_confidence, Actor, label_name\n| sort by malicious_confidence",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip,functionname\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count by src_ip,functionname, malicious_confidence, Actor, label_name\n| sort by malicious_confidence",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3063,14 +3329,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip,  functionName, caller, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count as Threats by malicious_confidence\n| sort by Threats",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where  type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count as Threats by malicious_confidence\n| sort by Threats, malicious_confidence",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3087,14 +3356,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| where !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3111,14 +3383,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
-                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count by src_ip, functionName\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(_count) as UniqueThreatIPs by functionName\n| top 20 functionName by UniqueThreatIPs, functionName asc",
+                            "transient": false,
+                            "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<functionname>[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?<function_version>[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as count by src_ip, functionname\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(count) as unique_threat_ips by functionName\n| top 20 functionname by unique_threat_ips, functionname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -3161,11 +3436,11 @@
                 {
                     "id": null,
                     "name": "namespace",
-                    "displayName": null,
+                    "displayName": "namespace",
                     "defaultValue": "aws/lambda",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}}",
+                        "filter": "account={{account}} region={{region}} namespace=aws/lambda",
                         "key": "namespace"
                     },
                     "allowMultiSelect": false,

From 70aa2e54e326841a01143572a30a19412d14f73f Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Tue, 28 Jun 2022 11:13:58 +0530
Subject: [PATCH 50/82] modified sns app

---
 aws-observability/json/Sns-App.json | 1344 +++++++++++++--------------
 1 file changed, 671 insertions(+), 673 deletions(-)

diff --git a/aws-observability/json/Sns-App.json b/aws-observability/json/Sns-App.json
index 3acb88d8..1c844430 100644
--- a/aws-observability/json/Sns-App.json
+++ b/aws-observability/json/Sns-App.json
@@ -1,13 +1,13 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "Amazon SNS",
-    "description": "",
+    "name": "Amazon - SNS",
+    "description": "The Sumo Logic App for Amazon SNS is a unified logs and metrics App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "1. Amazon SNS - Metric by TopicName",
+            "name": "1. Amazon SNS - Messages, Notifications ",
             "description": "",
-            "title": "1. Amazon SNS - Metric by TopicName",
+            "title": "1. Amazon SNS - Messages, Notifications ",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -30,7 +30,7 @@
                 "type": "BeginBoundedTimeRange",
                 "from": {
                     "type": "RelativeTimeRangeBoundary",
-                    "relativeTime": "-15m"
+                    "relativeTime": "-1d"
                 },
                 "to": null
             },
@@ -38,35 +38,170 @@
                 "layoutType": "Grid",
                 "layoutStructures": [
                     {
-                        "key": "panelA27999D2BE87AA49",
-                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":0}"
+                        "key": "panel82FC587B9BACF941",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":11}"
                     },
                     {
-                        "key": "panel82FC587B9BACF941",
-                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":7}"
+                        "key": "panelPANE-A3ADC6ED8EDF2B4C",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel1FA1906D834C9B46",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":12,\"y\":0}"
                     },
                     {
-                        "key": "panel5B8B44C3A5FE2B4D",
-                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":15}"
+                        "key": "panel815D399A933C5940",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":18,\"y\":0}"
                     },
                     {
-                        "key": "panel6C973DE0BC0A3947",
-                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":23}"
+                        "key": "panel81AC01C88E6C8B46",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panel5DD1E582BAA4A84F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panel71CB92F989A1D84E",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":17}"
+                    },
+                    {
+                        "key": "panelB60F8DEDAEA58B42",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":4}"
+                    },
+                    {
+                        "key": "panel5BAB854CBFE61843",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":4}"
+                    },
+                    {
+                        "key": "panelD1555A7CB4485845",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":4}"
+                    },
+                    {
+                        "key": "panel27A5906DA65FE84B",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":6,\"y\":0}"
                     }
                 ]
             },
             "panels": [
                 {
                     "id": null,
-                    "key": "panelA27999D2BE87AA49",
-                    "title": "Number of Messages Published",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel82FC587B9BACF941",
+                    "title": "Message Publish Size (Today , Yesterday , Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"hiddenQueryKeys\":[],\"overrides\":[{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"D\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"E\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size (Bytes)\"},\"axisX\":{\"title\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#C | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "D",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#C | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "E",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A3ADC6ED8EDF2B4C",
+                    "title": "Messages Published",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Messages\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1FA1906D834C9B46",
+                    "title": "Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum \n\n",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel815D399A933C5940",
+                    "title": "Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfMessagesPublished Statistic=Sum topicname={{topicname}} | sum by TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -75,32 +210,104 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel81AC01C88E6C8B46",
+                    "title": "Messages Published (Today,Yesterday,Last Week)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Messages\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
-                        "to": null
-                    },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panel82FC587B9BACF941",
-                    "title": "Message Publish Size",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel5DD1E582BAA4A84F",
+                    "title": "Notifications Delivered (Today,Yesterday,Last Week)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=PublishSize Statistic=Average topicname={{topicname}} | avg by TopicName ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
@@ -109,32 +316,78 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel71CB92F989A1D84E",
+                    "title": "Notifications Failed (Today,Yesterday,Last Week) ",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
-                        "to": null
-                    },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panel5B8B44C3A5FE2B4D",
-                    "title": "Number of Notifications Delivered",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panelB60F8DEDAEA58B42",
+                    "title": "Messages Published by TopicName",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Messages Published\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsDelivered Statistic=Sum topicname={{topicname}} | sum by TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by TopicName",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -143,32 +396,25 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panel6C973DE0BC0A3947",
-                    "title": "Number of Notifications Failed",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel5BAB854CBFE61843",
+                    "title": "Notifications Delivered by TopicName",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Notifications Delivered\"}}]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsFailed Statistic=Sum topicname={{topicname}} | sum by TopicName ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by TopicName ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -177,18 +423,65 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD1555A7CB4485845",
+                    "title": "Notifications Failed by TopicName ",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Notifications Failed\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by TopicName ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27A5906DA65FE84B",
+                    "title": "Avg Message Size",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"Bytes\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 }
@@ -216,7 +509,7 @@
                     "defaultValue": "*",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
+                        "filter": "account={{account}}",
                         "key": "region"
                     },
                     "allowMultiSelect": false,
@@ -224,6 +517,21 @@
                     "hideFromUI": false,
                     "valueType": "Any"
                 },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
                 {
                     "id": null,
                     "name": "topicname",
@@ -231,7 +539,7 @@
                     "defaultValue": "*",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
                         "key": "topicname"
                     },
                     "allowMultiSelect": false,
@@ -266,7 +574,7 @@
                 "type": "BeginBoundedTimeRange",
                 "from": {
                     "type": "RelativeTimeRangeBoundary",
-                    "relativeTime": "-15m"
+                    "relativeTime": "-1d"
                 },
                 "to": null
             },
@@ -274,155 +582,106 @@
                 "layoutType": "Grid",
                 "layoutStructures": [
                     {
-                        "key": "panel7954FF5B9CB3B945",
-                        "structure": "{\"height\":9,\"width\":6,\"x\":0,\"y\":0}"
+                        "key": "panel40B571E3A8CF694E",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}"
                     },
                     {
-                        "key": "panelDDAD359AB900B942",
-                        "structure": "{\"height\":9,\"width\":6,\"x\":6,\"y\":0}"
+                        "key": "panel93252B51B57EDB4D",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":0,\"y\":1}"
                     },
                     {
-                        "key": "panel40B571E3A8CF694E",
-                        "structure": "{\"height\":7,\"width\":12,\"x\":12,\"y\":0}"
+                        "key": "panel246853BDA98F894A",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":5,\"y\":1}"
                     },
                     {
-                        "key": "panel93252B51B57EDB4D",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":9}"
+                        "key": "panel8E6DF23A8D775A4B",
+                        "structure": "{\"height\":5,\"width\":7,\"x\":10,\"y\":1}"
                     },
                     {
-                        "key": "panel246853BDA98F894A",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":9}"
+                        "key": "panelDA2DFDF2A4D19A44",
+                        "structure": "{\"height\":5,\"width\":7,\"x\":17,\"y\":1}"
                     },
                     {
-                        "key": "panel34258C8CA015F840",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}"
+                        "key": "panel9CBE3510857A6845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
                     },
                     {
-                        "key": "panelB567B28394BCEB44",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":17}"
+                        "key": "panel6BF3727D86A0E949",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}"
                     },
                     {
-                        "key": "panelA50FD6D0B28B0841",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":17}"
+                        "key": "panelCB717EB5B480A948",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}"
                     },
                     {
-                        "key": "panel9C32854D84C29940",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                        "key": "panel5C761868A14A7B40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}"
                     },
                     {
-                        "key": "panel144BD3D19FC00B48",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13,\"minHeight\":3,\"minWidth\":3}"
+                        "key": "panel2C1AFF3CADD60947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
                     },
                     {
-                        "key": "panel1B97D0B5958F3B49",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19,\"minHeight\":3,\"minWidth\":3}"
+                        "key": "panelPANE-88E3C816ADF55B44",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
                     },
                     {
-                        "key": "panelF09BBF798088FB41",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25,\"minHeight\":3,\"minWidth\":3}"
+                        "key": "panel8E54E5239FF80A4D",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":12}"
                     }
                 ]
             },
             "panels": [
                 {
                     "id": null,
-                    "key": "panel7954FF5B9CB3B945",
-                    "title": "Successful Events Location",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "key": "panel40B571E3A8CF694E",
+                    "title": "Messages Published (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Messages\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" as region nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
-                            "queryType": "Logs",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}}  metric=NumberOfMessagesPublished Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
                             "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
+                            "outputCardinalityLimit": 1000
                         },
-                        "to": null
-                    },
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelDDAD359AB900B942",
-                    "title": "Failure Events Location",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" as region nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
+                            "queryString": "#A | timeshift 1d ",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Manual",
+                            "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
+                            "outputCardinalityLimit": 1000
                         },
-                        "to": null
-                    },
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel40B571E3A8CF694E",
-                    "title": "Number of Messages Published",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfMessagesPublished Statistic=Sum topicname={{topicname}} Region=* ",
+                            "queryString": "#A | timeshift 7d",
                             "queryType": "Metrics",
-                            "queryKey": "A",
+                            "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -430,13 +689,13 @@
                     "id": null,
                     "key": "panel93252B51B57EDB4D",
                     "title": "Successful Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userAgent\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"requestParameters.topicArn\" as topicArn nodrop | json \"requestParameters.name\" as name nodrop | json \"requestID\" nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -445,18 +704,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -464,13 +716,13 @@
                     "id": null,
                     "key": "panel246853BDA98F894A",
                     "title": "Failed Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":1,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count \n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -479,66 +731,52 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panel34258C8CA015F840",
-                    "title": "Message Publish Size",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel8E6DF23A8D775A4B",
+                    "title": "Events by Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=PublishSize Statistic=Average topicname={{topicname}} Region=*",
-                            "queryType": "Metrics",
-                            "queryKey": "C",
-                            "metricsQueryMode": "Advanced",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count,event_status asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Auto",
+                            "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panelB567B28394BCEB44",
-                    "title": "Top Users",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"bar\"}}",
+                    "key": "panelDA2DFDF2A4D19A44",
+                    "title": "Events by Event Name",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.userName\" as userName nodrop | json \"errorCode\" nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user\n| top 10 user by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_name\n| sort by _count,event_name asc\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -547,32 +785,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panelA50FD6D0B28B0841",
-                    "title": "Events Trend by Event Name",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"}}",
+                    "key": "panel9CBE3510857A6845",
+                    "title": "Events by User",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"user\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" as region nodrop | json \"sourceIPAddress\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus \n| timeslice 1h\n| count as eventCount by _timeslice, eventName\n| transpose row _timeslice column eventName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as eventCount by user, event_name\n| transpose row user column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -581,32 +812,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panel9C32854D84C29940",
-                    "title": "Published Messages Comparison",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel6BF3727D86A0E949",
+                    "title": "Notifications Delivered (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS topicname={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by account,region,TopicName",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -615,7 +839,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
@@ -624,117 +848,42 @@
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        },
-                        {
-                            "transient": false,
-                            "queryString": "#A - #B",
-                            "queryType": "Metrics",
-                            "queryKey": "C",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel144BD3D19FC00B48",
-                    "title": "Number of Notifications Delivered",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsDelivered Statistic=Sum topicname={{topicname}} Region=* ",
-                            "queryType": "Metrics",
-                            "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel1B97D0B5958F3B49",
-                    "title": "Number of Notifications Failed",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsFailed Statistic=Sum topicname={{topicname}} Region=*",
+                            "queryString": "#A | timeshift 7d",
                             "queryType": "Metrics",
-                            "queryKey": "A",
+                            "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panelF09BBF798088FB41",
-                    "title": "Message Publish Size Comparison",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panelCB717EB5B480A948",
+                    "title": "Notifications Failed (Today, Yesterday, Last Week) ",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today \"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics topicname={{topicname}} Namespace=AWS/SNS metric=PublishSize Statistic=Average | avg ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by account,region,TopicName",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -743,7 +892,7 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
@@ -756,11 +905,11 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         },
                         {
                             "transient": false,
-                            "queryString": "#A - #B",
+                            "queryString": "#A | timeshift 7d",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
@@ -769,135 +918,25 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
-                }
-            ],
-            "variables": [
-                {
-                    "id": null,
-                    "name": "account",
-                    "displayName": "account",
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
-                        "key": "account"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                },
-                {
-                    "id": null,
-                    "name": "region",
-                    "displayName": "region",
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
-                        "key": "region"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                },
-                {
-                    "id": null,
-                    "name": "topicname",
-                    "displayName": "topicname",
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
-                        "key": "topicname"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                }
-            ],
-            "coloringRules": []
-        },
-        {
-            "type": "DashboardV2SyncDefinition",
-            "name": "2. Amazon SNS - Metric by Region",
-            "description": "",
-            "title": "2. Amazon SNS - Metric by Region",
-            "theme": "Light",
-            "topologyLabelMap": {
-                "data": {
-                    "namespace": [
-                        "aws/sns"
-                    ],
-                    "topicname": [
-                        "*"
-                    ],
-                    "region": [
-                        "*"
-                    ],
-                    "account": [
-                        "*"
-                    ]
-                }
-            },
-            "refreshInterval": 0,
-            "timeRange": {
-                "type": "BeginBoundedTimeRange",
-                "from": {
-                    "type": "RelativeTimeRangeBoundary",
-                    "relativeTime": "-15m"
                 },
-                "to": null
-            },
-            "layout": {
-                "layoutType": "Grid",
-                "layoutStructures": [
-                    {
-                        "key": "panelA27999D2BE87AA49",
-                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":0}"
-                    },
-                    {
-                        "key": "panel82FC587B9BACF941",
-                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":7}"
-                    },
-                    {
-                        "key": "panel5B8B44C3A5FE2B4D",
-                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":15}"
-                    },
-                    {
-                        "key": "panel6C973DE0BC0A3947",
-                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":23}"
-                    }
-                ]
-            },
-            "panels": [
                 {
                     "id": null,
-                    "key": "panelA27999D2BE87AA49",
-                    "title": "Number of Messages Published",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel5C761868A14A7B40",
+                    "title": "Message Publish Size (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfMessagesPublished region={{region}} Statistic=Sum  | sum by TopicName, account, region, namespace",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg by account,region,TopicName",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -906,122 +945,84 @@
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
+                            "outputCardinalityLimit": 1000
                         },
-                        "to": null
-                    },
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel82FC587B9BACF941",
-                    "title": "Message Publish Size",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=PublishSize Statistic=Average region={{region}} | sum by TopicName, account, region, namespace",
+                            "queryString": "#A | timeshift 1d",
                             "queryType": "Metrics",
-                            "queryKey": "C",
+                            "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
+                            "outputCardinalityLimit": 1000
                         },
-                        "to": null
-                    },
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel5B8B44C3A5FE2B4D",
-                    "title": "Number of Notifications Delivered",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsDelivered Statistic=Sum region={{region}} | sum by TopicName, account, region, namespace",
+                            "queryString": "#A | timeshift 7d",
                             "queryType": "Metrics",
-                            "queryKey": "A",
+                            "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
                             "parseMode": "Auto",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
-                    "key": "panel6C973DE0BC0A3947",
-                    "title": "Number of Notifications Failed",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panel2C1AFF3CADD60947",
+                    "title": "Events by TopicName",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudwatch/metrics Namespace=AWS/SNS metric=NumberOfNotificationsFailed Statistic=Sum region={{region}} | sum by TopicName, account, region, namespace",
-                            "queryType": "Metrics",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| timeslice 1h\n| count as event_count by _timeslice, topic_name\n| transpose row _timeslice column topic_name",
+                            "queryType": "Logs",
                             "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
+                            "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
                             "spansQueryData": null,
-                            "parseMode": "Auto",
+                            "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-88E3C816ADF55B44",
+                    "title": "CloudTrail Audit Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel8E54E5239FF80A4D",
+                    "title": "SNS Metrics",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
                 }
             ],
             "variables": [
@@ -1047,31 +1048,58 @@
                     "defaultValue": "*",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
+                        "filter": "account={{account}}",
                         "key": "region"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
                     "hideFromUI": false,
                     "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "3. Amazon SNS - CloudTrail Events",
+            "name": "2. Amazon SNS - Audit Events",
             "description": "",
-            "title": "3. Amazon SNS - CloudTrail Events",
+            "title": "2. Amazon SNS - Audit Events",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
                     "namespace": [
                         "aws/sns"
                     ],
-                    "topicname": [
-                        "*"
-                    ],
                     "region": [
                         "*"
                     ],
@@ -1085,7 +1113,7 @@
                 "type": "BeginBoundedTimeRange",
                 "from": {
                     "type": "RelativeTimeRangeBoundary",
-                    "relativeTime": "-15m"
+                    "relativeTime": "-1d"
                 },
                 "to": null
             },
@@ -1106,11 +1134,11 @@
                     },
                     {
                         "key": "panel63133FE7966C3B44",
-                        "structure": "{\"height\":6,\"width\":7,\"x\":5,\"y\":9}"
+                        "structure": "{\"height\":7,\"width\":6,\"x\":5,\"y\":15}"
                     },
                     {
                         "key": "panelA3841CC48DC37A4E",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":15,\"y\":9}"
                     },
                     {
                         "key": "panel08DA60FCB6CBA94F",
@@ -1118,7 +1146,7 @@
                     },
                     {
                         "key": "panel554DCC97A661E840",
-                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":15}"
+                        "structure": "{\"height\":6,\"width\":13,\"x\":11,\"y\":15}"
                     },
                     {
                         "key": "panel8BD78A42A42E2941",
@@ -1126,23 +1154,27 @@
                     },
                     {
                         "key": "panel04C58849BF85EA40",
-                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":21}"
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":22}"
                     },
                     {
                         "key": "panelEB163726B40EDB42",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":27}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":28}"
                     },
                     {
                         "key": "panel9FE68E49A0060A4D",
-                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":27}"
+                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":28}"
                     },
                     {
                         "key": "panel47C00A9996D1FB46",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":33}"
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":34}"
                     },
                     {
                         "key": "panelFA76DDA1858D6941",
-                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":33}"
+                        "structure": "{\"height\":6,\"width\":10,\"x\":5,\"y\":9}"
+                    },
+                    {
+                        "key": "panelB3E1C834A1026A43",
+                        "structure": "{\"height\":6,\"width\":14,\"x\":9,\"y\":34}"
                     }
                 ]
             },
@@ -1151,13 +1183,13 @@
                     "id": null,
                     "key": "panel9724CE95BF93284E",
                     "title": "Successful Events Location",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1166,18 +1198,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -1185,13 +1210,13 @@
                     "id": null,
                     "key": "panel13A28BCF9195784A",
                     "title": "Failure Events Location",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventSource\" nodrop | json \"sourceIPAddress\" nodrop | json \"eventName\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count by sourceIPAddress, eventName\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = sourceIPAddress\n| sort _count",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1200,32 +1225,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panel8295225DA9487941",
-                    "title": "Event Status",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "title": "Event by Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| count by eventStatus",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count, event_status asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1234,18 +1252,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -1253,13 +1264,13 @@
                     "id": null,
                     "key": "panel63133FE7966C3B44",
                     "title": "Top Error Codes",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by errorCode \n| top 10 errorCode by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by error_code \n| top 10 error_code by event_count\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1268,18 +1279,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -1287,13 +1291,13 @@
                     "id": null,
                     "key": "panelA3841CC48DC37A4E",
                     "title": "Event Status Trend",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1d\n| count by _timeslice, eventStatus\n| fillmissing timeslice(1d), values (\"Success\", \"Failure\") in eventStatus\n| transpose row _timeslice column eventStatus",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count by _timeslice, event_status\n| fillmissing timeslice(1d), values (\"Success\", \"Failure\") in event_status\n| transpose row _timeslice column event_status",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1302,32 +1306,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1w"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panel08DA60FCB6CBA94F",
-                    "title": "Failed Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "title": "Failed Events by Event Name",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1336,18 +1333,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -1355,13 +1345,13 @@
                     "id": null,
                     "key": "panel554DCC97A661E840",
                     "title": "Failed Event Details",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Failure\"\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1s\n| count as eventCount by _timeslice, eventName, errorCode, errorMessage, awsRegion, sourceIPAddress, accountId, user, type\n| sort by _timeslice",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountid, user, type\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1370,32 +1360,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panel8BD78A42A42E2941",
-                    "title": "Successful Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\"}}",
+                    "title": "Successful Events by Event Name",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userAgent\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"requestParameters.topicArn\" as topicArn nodrop | json \"requestParameters.name\" as name nodrop | json \"requestID\" nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by eventName\n| sort by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1404,18 +1387,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -1423,13 +1399,13 @@
                     "id": null,
                     "key": "panel04C58849BF85EA40",
                     "title": "Successful Event Details",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userAgent\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"requestParameters.topicArn\" as topicArn nodrop | json \"requestParameters.name\" as name nodrop | json \"requestID\" nodrop | json \"userIdentity.userName\" as username nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| where eventSource=\"sns.amazonaws.com\" and eventStatus=\"Success\"\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1s\n| count as eventCount by _timeslice, eventName, awsRegion, sourceIPAddress, accountId, user, type, requestId, name, topicArn, userAgent\n| sort by _timeslice",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, name, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1438,32 +1414,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panelEB163726B40EDB42",
-                    "title": "Top Users",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "title": "Top 10 Users by Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.userName\" as userName nodrop | json \"errorCode\" nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| count as eventCount by user\n| top 10 user by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user\n| top 10 user by event_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1472,18 +1441,11 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
@@ -1491,13 +1453,13 @@
                     "id": null,
                     "key": "panel9FE68E49A0060A4D",
                     "title": "Events by User",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"bar\"}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"bar\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.type\" as type nodrop | json \"userIdentity.arn\" as arn nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.userName\" as userName nodrop | json \"errorCode\" nodrop\n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus\n| parse field=arn \":assumed-role/*\" as user nodrop | parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| timeslice 1d\n| count as eventCount by user, eventName\n| transpose row user column eventName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user, event_name\n| transpose row user column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1506,32 +1468,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panel47C00A9996D1FB46",
-                    "title": "Most Active TopicNames",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"}}",
+                    "title": "Top 10 Active TopicNames by Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"eventName\" nodrop | json \"eventSource\" nodrop | json \"errorCode\" nodrop | json \"errorMessage\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop | json \"requestParameters.topicArn\" as topicArn1 nodrop | json \"responseElements.topicArn\" as topicArn2 nodrop\n| if (!isEmpty(topicArn1), topicArn1, topicArn2) as topicArn\n| where eventSource=\"sns.amazonaws.com\" and !isEmpty(topicArn)\n| parse field=topicArn \"arn:aws:sns:*:*:*\" as topicRegion, topicAccountId, topicName\n| count as eventCount by topicName\n| top 10 topicName by eventCount",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name\n| top 10 topic_name by event_count, topic_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1540,32 +1495,25 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panelFA76DDA1858D6941",
-                    "title": "Events Trend by Event Name",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"}}",
+                    "title": "Events Trend ",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "_sourceCategory = aws/observability/cloudtrail/logs \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"eventSource\" nodrop | json \"eventName\" nodrop | json \"awsRegion\" nodrop | json \"sourceIPAddress\" nodrop | json \"errorCode\" nodrop | json \"userIdentity.accountId\" as accountId nodrop | json \"userIdentity.arn\" as arn nodrop | parse field=arn \":assumed-role/*\" as user nodrop | json \"userIdentity.userName\" as username nodrop \n| where eventSource=\"sns.amazonaws.com\"\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(errorCode), \"Success\", \"Failure\") as eventStatus \n| timeslice 1h\n| count as eventCount by _timeslice, eventName\n| transpose row _timeslice column eventName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1574,18 +1522,38 @@
                             "spansQueryData": null,
                             "parseMode": "Manual",
                             "timeSource": "Message",
-                            "outputCardinalityLimit": null
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
-                    "timeRange": {
-                        "type": "BeginBoundedTimeRange",
-                        "from": {
-                            "type": "RelativeTimeRangeBoundary",
-                            "relativeTime": "-1d"
-                        },
-                        "to": null
-                    },
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB3E1C834A1026A43",
+                    "title": " Active TopicNames by Events",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name, event_name\n| transpose row topic_name column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
                     "coloringRules": null,
                     "linkedDashboards": []
                 }
@@ -1613,13 +1581,43 @@
                     "defaultValue": "*",
                     "sourceDefinition": {
                         "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
+                        "filter": "account={{account}}",
                         "key": "region"
                     },
                     "allowMultiSelect": false,
                     "includeAllOption": true,
                     "hideFromUI": false,
                     "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
                 }
             ],
             "coloringRules": []

From 6825785bdd43827b25981b0d5bc5fb272c046741 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Tue, 28 Jun 2022 14:24:02 +0530
Subject: [PATCH 51/82] Adding text panel in cloudtrail specific dashboard of
 Ec2 metric app and fixing SUMO-196079

---
 aws-observability/json/EC2-Metrics-App.json | 163 +++++++++++---------
 aws-observability/json/Overview-App.json    |   4 +-
 2 files changed, 90 insertions(+), 77 deletions(-)

diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index b368e607..ac3f31bb 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -802,10 +802,6 @@
                         "key": "panelpane-b03ffbbdb0b59b4d",
                         "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
                     },
-                    {
-                        "key": "panelpane-73159cd48a30e84d",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
-                    },
                     {
                         "key": "panelpane-7c0398e384ef0b4b",
                         "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
@@ -857,6 +853,10 @@
                     {
                         "key": "panelPANE-8F83BD319926A843",
                         "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel5691F7AA847CD846",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8,\"minHeight\":3,\"minWidth\":3}"
                     }
                 ]
             },
@@ -888,59 +888,6 @@
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
-                {
-                    "id": null,
-                    "key": "panelpane-73159cd48a30e84d",
-                    "title": "Overall Average CPU Load (1m, 5m, 15m)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Average CPU Load\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"1 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"5 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"15 Minute Average CPU Load\"}}]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_1min | avg by metric",
-                            "queryType": "Metrics",
-                            "queryKey": "A",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        },
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_5min | avg by metric",
-                            "queryType": "Metrics",
-                            "queryKey": "B",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        },
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_15min | avg by metric",
-                            "queryType": "Metrics",
-                            "queryKey": "C",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": null
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
                 {
                     "id": null,
                     "key": "panelpane-7c0398e384ef0b4b",
@@ -1273,6 +1220,59 @@
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "This dashboard requires Sumo Logic installed collector to be present on the host and [Host Metric](https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Host-Metrics-Source) source to be configured. Click [here](https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/03_Other_Configurations_and_Tools/Add_Fields_to_Existing_Host_Metrics_Sources) to learn how to tag account and namespace fields to the existing source(s) for them to be visible in the AWS Observability Solution dashboards."
+                },
+                {
+                    "id": null,
+                    "key": "panel5691F7AA847CD846",
+                    "title": "Overall Average CPU Load (1m, 5m, 15m)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Average CPU Load\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"1 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"5 Minute Average CPU Load\"}},{\"series\":[],\"queries\":[\"C\"],\"userProvidedChartType\":false,\"properties\":{\"name\":\"15 Minute Average CPU Load\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_1min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_5min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} metric=CPU_LoadAvg_15min | avg by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
                 }
             ],
             "variables": [
@@ -1372,75 +1372,79 @@
                 "layoutStructures": [
                     {
                         "key": "panelPANE-9A6827ADAFD40B48",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":10}"
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":12}"
                     },
                     {
                         "key": "panel808FD9FD8BFB6846",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}"
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":34}"
                     },
                     {
                         "key": "panelPANE-F6D67170A3207848",
-                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":2}"
                     },
                     {
                         "key": "panelPANE-55BA9CD690905848",
-                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":18}"
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":20}"
                     },
                     {
                         "key": "panelE1BCBDE685FB3944",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":41}"
                     },
                     {
                         "key": "panelPANE-4D66006086774A44",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":10}"
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":12}"
                     },
                     {
                         "key": "panelPANE-829F6ADB86227949",
-                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":39}"
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":41}"
                     },
                     {
                         "key": "panel1DA5F9AA9C03F945",
-                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":32}"
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":34}"
                     },
                     {
                         "key": "panelPANE-C6B1C1249FED294C",
-                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":23}"
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":25}"
                     },
                     {
                         "key": "panel422C79CD944AC840",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":10}"
+                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":12}"
                     },
                     {
                         "key": "panelB86F7C84926F1844",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":10}"
+                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":12}"
                     },
                     {
                         "key": "panelABB275868F4B2A44",
-                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":18}"
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":20}"
                     },
                     {
                         "key": "panelA10E415491CA1B4F",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":23}"
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":25}"
                     },
                     {
                         "key": "panelPANE-4B95C387A7D03B47",
-                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":45}"
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":47}"
                     },
                     {
                         "key": "panelF999E9E5A6591B41",
-                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":2}"
                     },
                     {
                         "key": "panelC8228A47A6D3DA4D",
-                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":23}"
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":25}"
                     },
                     {
                         "key": "panelPANE-4022F95385542A46",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":31}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":33}"
                     },
                     {
                         "key": "panelD9E5828D86D12941",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":38}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":40}"
+                    },
+                    {
+                        "key": "panelPANE-E40BD69ABB08F949",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
                     }
                 ]
             },
@@ -1894,6 +1898,15 @@
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": "Failure Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E40BD69ABB08F949",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires Cloud Trail Logs from AWS and are specific for AWS EC2."
                 }
             ],
             "variables": [
diff --git a/aws-observability/json/Overview-App.json b/aws-observability/json/Overview-App.json
index c7ab88c2..5865be1b 100644
--- a/aws-observability/json/Overview-App.json
+++ b/aws-observability/json/Overview-App.json
@@ -389,7 +389,7 @@
                     "id": null,
                     "key": "panelPANE-F361E48F8E269B40",
                     "title": "ALB Errors",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1358,7 +1358,7 @@
                     "id": null,
                     "key": "panelPANE-F361E48F8E269B40",
                     "title": "ALB Errors",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [

From 0d11a3e5bd5a01fea04ad59fa0baa8d8257cd5a2 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Tue, 28 Jun 2022 15:42:45 +0530
Subject: [PATCH 52/82] Updating description of newly added text panel based on
 review comment and for SUMO-196079 TLS Negotiation Errors by NLB had similar
 error in overview app, fixing that as well.

---
 aws-observability/json/EC2-Metrics-App.json | 2 +-
 aws-observability/json/Overview-App.json    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index ac3f31bb..ae2629a5 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -1906,7 +1906,7 @@
                     "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
-                    "text": "This dashboard requires Cloud Trail Logs from AWS and are specific for AWS EC2."
+                    "text": "This dashboard requires AWS CloudTrail Logs from AWS account and the contents are specific for AWS EC2 instance(s)."
                 }
             ],
             "variables": [
diff --git a/aws-observability/json/Overview-App.json b/aws-observability/json/Overview-App.json
index 5865be1b..6a61e855 100644
--- a/aws-observability/json/Overview-App.json
+++ b/aws-observability/json/Overview-App.json
@@ -686,7 +686,7 @@
                     "id": null,
                     "key": "panel892FA012BAB81847",
                     "title": "TLS Negotiation Errors by NLB",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1760,7 +1760,7 @@
                     "id": null,
                     "key": "panelPANE-1E7F8086B885C943",
                     "title": "TLS Negotiation Errors by NLB",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [

From 5ac85b4abf085d65ae4a70e3d0bf427d93e09c83 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Tue, 28 Jun 2022 15:47:26 +0530
Subject: [PATCH 53/82] changing the range for ELB errors panel at region and
 account level overview dashboards

---
 aws-observability/json/Overview-App.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability/json/Overview-App.json b/aws-observability/json/Overview-App.json
index 6a61e855..628f17ea 100644
--- a/aws-observability/json/Overview-App.json
+++ b/aws-observability/json/Overview-App.json
@@ -872,7 +872,7 @@
                     "id": null,
                     "key": "panelPANE-9D6E7556A262C846",
                     "title": "ELB Errors",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1841,7 +1841,7 @@
                     "id": null,
                     "key": "panelPANE-6DFA637C8E2A6B4F",
                     "title": "ELB Errors",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [

From a42c39040feeb3617abb977ad0f5b9ce60016eff Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Wed, 29 Jun 2022 16:37:40 +0530
Subject: [PATCH 54/82] removing redundant links

---
 aws-observability-terraform/test/README.md              | 7 +------
 aws-observability-terraform/test/appmodule/README.md    | 7 +------
 aws-observability-terraform/test/sourcemodule/README.md | 7 +------
 3 files changed, 3 insertions(+), 18 deletions(-)

diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/README.md
index 89d16f67..9d506858 100644
--- a/aws-observability-terraform/test/README.md
+++ b/aws-observability-terraform/test/README.md
@@ -83,9 +83,4 @@ Currently we have validations for following entities, If apart from them any new
    - validateLambda
    - validateCFStack
    - validateKFstream
-   - validateCWmetricstream
-
-
-### Miscellaneous Links
-https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
-https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
+   - validateCWmetricstream
\ No newline at end of file
diff --git a/aws-observability-terraform/test/appmodule/README.md b/aws-observability-terraform/test/appmodule/README.md
index a346a814..ea4101c0 100644
--- a/aws-observability-terraform/test/appmodule/README.md
+++ b/aws-observability-terraform/test/appmodule/README.md
@@ -38,9 +38,4 @@ Currently we have validations for following entities, If apart from them any new
    - validateSumoLogicField
    - validateSumoLogicMetricRule
    - validateSumoLogicMonitorsFolder
-   - validateSumoLogicHierarchy
-
-
-### Miscellaneous Links
-https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
-https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
+   - validateSumoLogicHierarchy
\ No newline at end of file
diff --git a/aws-observability-terraform/test/sourcemodule/README.md b/aws-observability-terraform/test/sourcemodule/README.md
index 2bc8955f..fd2ac4ff 100644
--- a/aws-observability-terraform/test/sourcemodule/README.md
+++ b/aws-observability-terraform/test/sourcemodule/README.md
@@ -50,9 +50,4 @@ Currently we have validations for following entities, If apart from them any new
    - validateLambda
    - validateCFStack
    - validateKFstream
-   - validateCWmetricstream
-
-
-### Miscellaneous Links
-https://docs.google.com/spreadsheets/d/1tPC4lZPfQTXxfNLqr3oVXFCQH0PjZouNQAnbt4LSU8k/edit#gid=1162903618
-https://docs.google.com/document/d/1PsNXkmL6Jo_2Q5f4mO0MvK1Dojl6KfY8SyybpE-g1gg/edit?usp=sharing
+   - validateCWmetricstream
\ No newline at end of file

From 37f71c32d70d0233bdd304be7cfcc3a9c87dab57 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Thu, 30 Jun 2022 16:32:43 +0530
Subject: [PATCH 55/82] Modified app and updated FER

---
 .../app-modules/sns/app.tf                    | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/aws-observability-terraform/app-modules/sns/app.tf b/aws-observability-terraform/app-modules/sns/app.tf
index 713a3a9a..53b943d2 100644
--- a/aws-observability-terraform/app-modules/sns/app.tf
+++ b/aws-observability-terraform/app-modules/sns/app.tf
@@ -21,20 +21,28 @@ module "sns_module" {
   managed_field_extraction_rules = {
     "SnsCloudTrailLogsFieldExtractionRule" = {
       name             = "AwsObservabilitySNSCloudTrailLogsFER"
-      scope            = "_sourcecategory=*cloudtrail* \"sns.amazonaws.com\""
+      scope            = "account=* eventname eventsource \"sns.amazonaws.com\""
       parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
-              | json field=requestParameters "topicArn" as req_topicarn nodrop
-              | json field=responseElements "topicArn" as res_topicarn nodrop
-              | if (isBlank(req_topicarn), res_topicarn, req_topicarn) as topicarn
-              | parse field=topicarn "arn:aws:sns:*:*:*" as r, acctid, topicname nodrop
-              | where eventSource = "sns.amazonaws.com"
+              | json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop
+              | where event_source = "sns.amazonaws.com"
+              | json field=userIdentity "accountId", "type", "arn", "userName"  as accountid, type, arn, username nodrop
+              | parse field=arn ":assumed-role/*" as user nodrop 
+              | parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop
+              | json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop 
+              | json field=responseElements "topicArn" as res_topic_arn nodrop
+              | if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn
+              | if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn
+              | parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop
+              | parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop
+              | if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname
+              | if (isBlank(accountid), recipient_account_id, accountid) as accountid
               | "aws/sns" as namespace
               | fields region, namespace, topicname, accountid
       EOT
       enabled          = true
     }
   }
+
   # ********************** Apps ********************** #
   managed_apps = {
     "SNSApp" = {

From 81a883bf815aedd74f14fe76d2e7e854382bd8b2 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Fri, 1 Jul 2022 16:02:37 +0530
Subject: [PATCH 56/82] Adding Events Dashboard(Cloudtrail log based) in Ec2 CW
 metrics app

---
 .../json/EC2-CW-Metrics-App.json              | 619 ++++++++++++++++++
 aws-observability/json/EC2-Metrics-App.json   |   4 +-
 2 files changed, 621 insertions(+), 2 deletions(-)

diff --git a/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability/json/EC2-CW-Metrics-App.json
index 62906d0a..c09939af 100644
--- a/aws-observability/json/EC2-CW-Metrics-App.json
+++ b/aws-observability/json/EC2-CW-Metrics-App.json
@@ -2132,6 +2132,625 @@
             ],
             "coloringRules": []
         },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2.1 AWS EC2 - Events",
+            "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
+            "title": "2.1 AWS EC2 - Events",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-9A6827ADAFD40B48",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panel808FD9FD8BFB6846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-F6D67170A3207848",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-55BA9CD690905848",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelE1BCBDE685FB3944",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":41}"
+                    },
+                    {
+                        "key": "panelPANE-4D66006086774A44",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-829F6ADB86227949",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":41}"
+                    },
+                    {
+                        "key": "panel1DA5F9AA9C03F945",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-C6B1C1249FED294C",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":25}"
+                    },
+                    {
+                        "key": "panel422C79CD944AC840",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":12}"
+                    },
+                    {
+                        "key": "panelB86F7C84926F1844",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelABB275868F4B2A44",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelA10E415491CA1B4F",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-4B95C387A7D03B47",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":47}"
+                    },
+                    {
+                        "key": "panelF999E9E5A6591B41",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panelC8228A47A6D3DA4D",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-4022F95385542A46",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":33}"
+                    },
+                    {
+                        "key": "panelD9E5828D86D12941",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":40}"
+                    },
+                    {
+                        "key": "panelPANE-E40BD69ABB08F949",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-9A6827ADAFD40B48",
+                    "title": "Event Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_status\n| sort by _count, event_status asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel808FD9FD8BFB6846",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F6D67170A3207848",
+                    "title": "Successful Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-55BA9CD690905848",
+                    "title": "Events Types Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE1BCBDE685FB3944",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4D66006086774A44",
+                    "title": "Top 10 Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-829F6ADB86227949",
+                    "title": "Latest Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1DA5F9AA9C03F945",
+                    "title": "Latest Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C6B1C1249FED294C",
+                    "title": "Top 10 AssumedRole  Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as count by user\n| sort by count, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel422C79CD944AC840",
+                    "title": "Top Events Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by event_name\n| sort by count, event_name asc | limit 20",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB86F7C84926F1844",
+                    "title": "Event Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\",  if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelABB275868F4B2A44",
+                    "title": "Events Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_status\n| transpose row _timeslice column event_status",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA10E415491CA1B4F",
+                    "title": "Top 10 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as count by user\n| sort by count, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4B95C387A7D03B47",
+                    "title": "Events from Known Malicious IP Addresses",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name // , user, user_agent, instanceid\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, instanceid",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF999E9E5A6591B41",
+                    "title": "Failure Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8228A47A6D3DA4D",
+                    "title": "Top 10 User Agents",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by user_agent\n| sort by count, user_agent asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4022F95385542A46",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"fontSize\":16,\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Successful Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelD9E5828D86D12941",
+                    "title": "Failure Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false,\"fontSize\":16},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Failure Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E40BD69ABB08F949",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires AWS CloudTrail Logs from AWS account and the contents are specific for AWS EC2 instance(s)."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
         {
             "type": "DashboardV2SyncDefinition",
             "name": "2.1. AWS EC2 CPU (CloudWatch Metrics)",
diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index ae2629a5..88d88edc 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -1341,9 +1341,9 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "2. AWS EC2 - Events",
+            "name": "2.2 AWS EC2 - Events",
             "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
-            "title": "2. AWS EC2 - Events",
+            "title": "2.2 AWS EC2 - Events",
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {

From 883b8f54406d29ada11cc328d17b173f10bc2cd4 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Tue, 5 Jul 2022 18:21:44 +0530
Subject: [PATCH 57/82] added monitors and updated app

---
 .../app-modules/main.auto.tfvars              |   2 +
 aws-observability/json/Alerts-App.json        | 924 +++++++++++-------
 aws-observability/json/Sns-App.json           | 853 ++++++++++++++--
 3 files changed, 1368 insertions(+), 411 deletions(-)

diff --git a/aws-observability-terraform/app-modules/main.auto.tfvars b/aws-observability-terraform/app-modules/main.auto.tfvars
index 2fcc2cba..b6e8ca15 100644
--- a/aws-observability-terraform/app-modules/main.auto.tfvars
+++ b/aws-observability-terraform/app-modules/main.auto.tfvars
@@ -12,6 +12,7 @@ group_notifications           = true
 rds_monitors_disabled         = true
 alb_monitors_disabled         = true
 apigateway_monitors_disabled  = true
+sns_monitors_disabled         = true
 dynamodb_monitors_disabled    = true
 ec2metrics_monitors_disabled  = true
 ecs_monitors_disabled         = true
@@ -19,3 +20,4 @@ elasticache_monitors_disabled = true
 lambda_monitors_disabled      = true
 nlb_monitors_disabled         = true
 folder_share_with_org         = true
+
diff --git a/aws-observability/json/Alerts-App.json b/aws-observability/json/Alerts-App.json
index 2ecae908..bcf8cc56 100644
--- a/aws-observability/json/Alerts-App.json
+++ b/aws-observability/json/Alerts-App.json
@@ -4,8 +4,8 @@
   "type": "MonitorsLibraryFolderExport",
   "children": [
     {
-      "name": "AWS API Gateway - High Latency",
-      "description": "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
+      "name": "AWS EC2 - High System CPU Utilization",
+      "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -15,15 +15,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+          "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 1000,
+          "threshold": 85,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -32,8 +33,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 1000,
+          "threshold": 85,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -43,11 +45,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon Elasticache - High Engine CPU Utilization",
-      "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is  high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.",
+      "name": "Amazon Elasticache - Low Redis Cache Hit Rate",
+      "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If  cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -57,15 +60,114 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
+          "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 90,
+          "threshold": 80,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 80,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": false,
+      "playbook": "",
+      "sloId": null
+    },
+    {
+      "name": "AWS Application Load Balancer - Access from Highly Malicious Sources",
+      "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        },
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
+    },
+    {
+      "name": "AWS API Gateway - High 4XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along apiname, account, region, namespace"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "StaticCondition",
+          "triggerType": "Critical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -74,8 +176,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 90,
+          "threshold": 5,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -85,11 +188,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS EC2 - High Memory Utilization",
-      "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+      "name": "Amazon RDS - High Write Latency",
+      "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -99,15 +203,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+          "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -116,8 +221,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 5,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -127,11 +233,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon Elasticache - Low Redis Cache Hit Rate",
-      "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If  cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.",
+      "name": "AWS EC2 - High Disk Utilization",
+      "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -141,16 +248,17 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
+          "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
-          "thresholdType": "LessThanOrEqual",
+          "threshold": 85,
+          "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -158,9 +266,10 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
-          "thresholdType": "GreaterThan",
+          "threshold": 85,
+          "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -169,11 +278,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS API Gateway - High 5XX Errors",
-      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+      "name": "AWS Lambda - High Percentage of Failed Requests",
+      "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -183,21 +293,22 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+          "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
         },
         {
           "rowId": "B",
-          "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+          "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
         },
         {
           "rowId": "C",
-          "query": "#A * 100 / #B along account, region, namespace"
+          "query": "#A * 100 / #B along functionname, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
@@ -208,6 +319,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
@@ -219,7 +331,8 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
       "name": "AWS Application Load Balancer - High Latency",
@@ -240,6 +353,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 3000,
           "thresholdType": "GreaterThanOrEqual",
@@ -250,6 +364,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 3000,
           "thresholdType": "LessThan",
@@ -261,11 +376,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon ECS - High Memory Utilization",
-      "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).",
+      "name": "Amazon ECS - High CPU Utilization",
+      "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -275,13 +391,14 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average  account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace"
+          "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 85,
           "thresholdType": "GreaterThanOrEqual",
@@ -292,6 +409,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 85,
           "thresholdType": "LessThan",
@@ -303,11 +421,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon RDS - High Write Latency",
-      "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.",
+      "name": "AWS EC2 - High Memory Utilization",
+      "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -317,15 +436,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+          "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 5,
+          "threshold": 85,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -334,8 +454,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 5,
+          "threshold": 85,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -345,11 +466,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Application Load Balancer - High 4XX Errors",
-      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "name": "AWS API Gateway - High Latency",
+      "description": "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -359,23 +481,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
-        },
-        {
-          "rowId": "B",
-          "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
-        },
-        {
-          "rowId": "C",
-          "query": "#A * 100 / #B along loadbalancer, account, region, namespace"
+          "query": "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 5,
+          "threshold": 1000,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -384,8 +499,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 5,
+          "threshold": 1000,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -395,13 +511,14 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon RDS - Low Burst Balance",
-      "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.",
+      "name": "AWS DynamoDB - Multiple Tables deleted",
+      "description": "This alert fires when we detect multiple failed operations for Elasticache service within 15 minutes",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Metrics",
+      "monitorType": "Logs",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -409,41 +526,44 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+          "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
-          "timeRange": "-5m",
-          "threshold": 50,
-          "thresholdType": "LessThanOrEqual",
+          "resolutionWindow": null,
+          "timeRange": "-15m",
+          "threshold": 5,
+          "thresholdType": "GreaterThanOrEqual",
           "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
         },
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
-          "timeRange": "-5m",
-          "threshold": 50,
-          "thresholdType": "GreaterThan",
+          "resolutionWindow": null,
+          "timeRange": "-15m",
+          "threshold": 5,
+          "thresholdType": "LessThan",
           "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": false,
-      "playbook": ""
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Classic Load Balancer - Access from Highly Malicious Sources",
-      "description": "This alert fires when the Classic load balancer is accessed from highly malicious IP addresses within last 5 minutes.",
+      "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio",
+      "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Logs",
+      "monitorType": "Metrics",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -451,35 +571,42 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName"
+          "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "LogsStaticCondition",
+          "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 0,
-          "thresholdType": "GreaterThan",
-          "field": ""
+          "threshold": 50,
+          "thresholdType": "LessThanOrEqual",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         },
         {
-          "detectionMethod": "LogsStaticCondition",
+          "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 0,
-          "thresholdType": "LessThanOrEqual",
-          "field": ""
+          "threshold": 50,
+          "thresholdType": "GreaterThan",
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": true,
-      "playbook": ""
+      "groupNotifications": false,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Classic Load Balancer - High 5XX Errors",
-      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+      "name": "AWS Classic Load Balancer - High 4XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -489,7 +616,7 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
+          "query": "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
         },
         {
           "rowId": "B",
@@ -504,6 +631,7 @@
         {
           "detectionMethod": "MetricsStaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
@@ -512,6 +640,7 @@
         {
           "detectionMethod": "MetricsStaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
@@ -521,11 +650,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Network Load Balancer - High Unhealthy Hosts",
-      "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer",
+      "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity",
+      "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -535,23 +665,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace"
-        },
-        {
-          "rowId": "B",
-          "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace"
-        },
-        {
-          "rowId": "C",
-          "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace"
+          "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 10,
+          "threshold": 80,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -560,8 +683,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 10,
+          "threshold": 80,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -571,11 +695,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS API Gateway - High Integration Latency",
-      "description": "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
+      "name": "AWS EC2 - High Total CPU Utilization",
+      "description": "This alert fires when the average total CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -585,15 +710,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+          "query": "Namespace=aws/ec2 metric=CPU_Total account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 1000,
+          "threshold": 85,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -602,8 +728,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 1000,
+          "threshold": 85,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -613,11 +740,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Lambda - High Percentage of Failed Requests",
-      "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.",
+      "name": "AWS Classic Load Balancer - High 5XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -627,47 +755,46 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
+          "query": "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
         },
         {
           "rowId": "B",
-          "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
+          "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
         },
         {
           "rowId": "C",
-          "query": "#A * 100 / #B along functionname, account, region, namespace"
+          "query": "#A * 100 / #B along loadbalancername, account, region, namespace"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "MetricsStaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "Always"
         },
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "MetricsStaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "Always"
         }
       ],
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Application Load Balancer - High 5XX Errors",
-      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+      "name": "AWS Application Load Balancer - High 4XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -677,7 +804,7 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+          "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
         },
         {
           "rowId": "B",
@@ -692,6 +819,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
@@ -702,6 +830,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
@@ -713,7 +842,8 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
       "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio",
@@ -734,6 +864,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 1.5,
           "thresholdType": "GreaterThanOrEqual",
@@ -744,6 +875,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 1.5,
           "thresholdType": "LessThan",
@@ -755,11 +887,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon Elasticache - High CPU Utilization",
-      "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is  high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring  CPU utilization for hosts with two vCPUs or less.",
+      "name": "Amazon RDS - High Disk Queue Depth",
+      "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -769,15 +902,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
+          "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 90,
+          "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -786,8 +920,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 90,
+          "threshold": 5,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -797,11 +932,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio",
-      "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.",
+      "name": "AWS DynamoDB - High Account Provisioned Write Capacity",
+      "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -811,16 +947,17 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+          "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 50,
-          "thresholdType": "LessThanOrEqual",
+          "threshold": 80,
+          "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -828,9 +965,10 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 50,
-          "thresholdType": "GreaterThan",
+          "threshold": 80,
+          "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -839,11 +977,53 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS API Gateway - High 4XX Errors",
-      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "name": "AWS SNS -  Access from Highly Malicious Sources",
+      "description": "This alert fires when an Application AWS - SNS is accessed from highly malicious IP addresses within last 5 minutes",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Logs",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, user_type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user_type, username) as user_type\n| count as ip_count by src_ip, event_name, region, accountid,user_type\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| sum(ip_count) as threat_count by src_ip, event_name, region, accountid, malicious_confidence, actor, label_name\n"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "LogsStaticCondition",
+          "triggerType": "Critical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "GreaterThan",
+          "field": null
+        },
+        {
+          "detectionMethod": "LogsStaticCondition",
+          "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 0,
+          "thresholdType": "LessThanOrEqual",
+          "field": null
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
+    },
+    {
+      "name": "AWS API Gateway - High 5XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -853,7 +1033,7 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+          "query": "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
         },
         {
           "rowId": "B",
@@ -861,13 +1041,14 @@
         },
         {
           "rowId": "C",
-          "query": "#A * 100 / #B along apiname, account, region, namespace"
+          "query": "#A * 100 / #B along account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
@@ -878,6 +1059,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
@@ -889,13 +1071,14 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS EC2 - High Total CPU Utilization",
-      "description": "This alert fires when the average total CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+      "name": "AWS SNS - Failed Events",
+      "description": "This alert fires when an SNS app has high number of  failed events (>5) within last 5 minutes",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Metrics",
+      "monitorType": "Logs",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -903,41 +1086,40 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/ec2 metric=CPU_Total account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+          "query": "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "LogsStaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
-          "thresholdType": "GreaterThanOrEqual",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "threshold": 5,
+          "thresholdType": "GreaterThan",
+          "field": null
         },
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "LogsStaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
-          "thresholdType": "LessThan",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "threshold": 5,
+          "thresholdType": "LessThanOrEqual",
+          "field": null
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": false,
-      "playbook": ""
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Classic Load Balancer - High Latency",
-      "description": "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds.",
+      "name": "Amazon Elasticache - Multiple Failed Operations",
+      "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Metrics",
+      "monitorType": "Logs",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -945,35 +1127,42 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername"
+          "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\"  as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "MetricsStaticCondition",
+          "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
-          "timeRange": "-5m",
-          "threshold": 3000,
+          "resolutionWindow": null,
+          "timeRange": "-15m",
+          "threshold": 10,
           "thresholdType": "GreaterThanOrEqual",
-          "occurrenceType": "Always"
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
         },
         {
-          "detectionMethod": "MetricsStaticCondition",
+          "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
-          "timeRange": "-5m",
-          "threshold": 3000,
+          "resolutionWindow": null,
+          "timeRange": "-15m",
+          "threshold": 10,
           "thresholdType": "LessThan",
-          "occurrenceType": "Always"
+          "field": null,
+          "occurrenceType": "ResultCount",
+          "triggerSource": "AllResults"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": false,
-      "playbook": ""
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS EC2 - High Disk Utilization",
-      "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).",
+      "name": "AWS Network Load Balancer - High Unhealthy Hosts",
+      "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -983,15 +1172,24 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname"
+          "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 10,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -1000,8 +1198,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 10,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -1011,11 +1210,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon ECS - High CPU Utilization",
-      "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).",
+      "name": "Amazon Elasticache - High CPU Utilization",
+      "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is  high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring  CPU utilization for hosts with two vCPUs or less.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1025,15 +1225,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace"
+          "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 90,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -1042,8 +1243,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 90,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -1053,7 +1255,8 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
       "name": "AWS Network Load Balancer - High TLS Negotiation Errors",
@@ -1082,6 +1285,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 10,
           "thresholdType": "GreaterThanOrEqual",
@@ -1092,6 +1296,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 10,
           "thresholdType": "LessThan",
@@ -1103,13 +1308,14 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon Elasticache - Multiple Failed Operations",
-      "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.",
+      "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity",
+      "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Logs",
+      "monitorType": "Metrics",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -1117,41 +1323,44 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\"  as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime"
+          "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
-          "timeRange": "-15m",
-          "threshold": 10,
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 80,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
-          "occurrenceType": "ResultCount",
-          "triggerSource": "AllResults"
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         },
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
-          "timeRange": "-15m",
-          "threshold": 10,
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 80,
           "thresholdType": "LessThan",
           "field": null,
-          "occurrenceType": "ResultCount",
-          "triggerSource": "AllResults"
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": true,
-      "playbook": ""
+      "groupNotifications": false,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon Elasticache - High Redis Database Memory Usage",
-      "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.",
+      "name": "AWS Classic Load Balancer - Access from Highly Malicious Sources",
+      "description": "This alert fires when the Classic load balancer is accessed from highly malicious IP addresses within last 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Metrics",
+      "monitorType": "Logs",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -1159,39 +1368,38 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
+          "query": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "LogsStaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 95,
-          "thresholdType": "GreaterThanOrEqual",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "threshold": 0,
+          "thresholdType": "GreaterThan",
+          "field": null
         },
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "LogsStaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 95,
-          "thresholdType": "LessThan",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "threshold": 0,
+          "thresholdType": "LessThanOrEqual",
+          "field": null
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": false,
-      "playbook": ""
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS EC2 - High System CPU Utilization",
-      "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+      "name": "Amazon RDS - High CPU Utilization",
+      "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1201,13 +1409,14 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+          "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 85,
           "thresholdType": "GreaterThanOrEqual",
@@ -1218,6 +1427,7 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 85,
           "thresholdType": "LessThan",
@@ -1229,11 +1439,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Lambda - Low Provisioned Concurrency Utilization",
-      "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.",
+      "name": "Amazon Elasticache - High Redis Database Memory Usage",
+      "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1243,16 +1454,17 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account"
+          "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 50,
-          "thresholdType": "LessThanOrEqual",
+          "threshold": 95,
+          "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -1260,9 +1472,10 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 50,
-          "thresholdType": "GreaterThan",
+          "threshold": 95,
+          "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -1271,11 +1484,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity",
-      "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "name": "Amazon ECS - High Memory Utilization",
+      "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1285,15 +1499,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+          "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average  account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
+          "threshold": 85,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -1302,8 +1517,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
+          "threshold": 85,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -1313,11 +1529,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity",
-      "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "name": "Amazon Elasticache - High Engine CPU Utilization",
+      "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is  high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1327,15 +1544,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+          "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
+          "threshold": 90,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -1344,8 +1562,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
+          "threshold": 90,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -1355,13 +1574,14 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS DynamoDB - Multiple Tables deleted",
-      "description": "This alert fires when we detect multiple failed operations for Elasticache service within 15 minutes",
+      "name": "AWS API Gateway - High Integration Latency",
+      "description": "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Logs",
+      "monitorType": "Metrics",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -1369,39 +1589,42 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime"
+          "query": "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
-          "timeRange": "-15m",
-          "threshold": 5,
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 1000,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
-          "occurrenceType": "ResultCount",
-          "triggerSource": "AllResults"
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         },
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
-          "timeRange": "-15m",
-          "threshold": 5,
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 1000,
           "thresholdType": "LessThan",
           "field": null,
-          "occurrenceType": "ResultCount",
-          "triggerSource": "AllResults"
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": true,
-      "playbook": ""
+      "groupNotifications": false,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS DynamoDB - High Account Provisioned Write Capacity",
-      "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "name": "AWS Lambda - Low Provisioned Concurrency Utilization",
+      "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1411,16 +1634,17 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+          "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
-          "thresholdType": "GreaterThanOrEqual",
+          "threshold": 50,
+          "thresholdType": "LessThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -1428,9 +1652,10 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
-          "thresholdType": "LessThan",
+          "threshold": 50,
+          "thresholdType": "GreaterThan",
           "field": null,
           "occurrenceType": "Always",
           "triggerSource": "AnyTimeSeries"
@@ -1439,11 +1664,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon RDS - High Read Latency",
-      "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.",
+      "name": "AWS Classic Load Balancer - High Latency",
+      "description": "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1453,41 +1679,40 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+          "query": "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "MetricsStaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 5,
+          "threshold": 3000,
           "thresholdType": "GreaterThanOrEqual",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "Always"
         },
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "MetricsStaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 5,
+          "threshold": 3000,
           "thresholdType": "LessThan",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "Always"
         }
       ],
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Application Load Balancer - Access from Highly Malicious Sources",
-      "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes",
+      "name": "Amazon RDS - Low Burst Balance",
+      "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.",
       "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Logs",
+      "monitorType": "Metrics",
       "evaluationDelay": "0m",
       "alertName": null,
       "runAs": null,
@@ -1495,39 +1720,42 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?<ClientIp>\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName"
+          "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 0,
-          "thresholdType": "GreaterThan",
+          "threshold": 50,
+          "thresholdType": "LessThanOrEqual",
           "field": null,
-          "occurrenceType": "ResultCount",
-          "triggerSource": "AllResults"
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         },
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 0,
-          "thresholdType": "LessThanOrEqual",
+          "threshold": 50,
+          "thresholdType": "GreaterThan",
           "field": null,
-          "occurrenceType": "ResultCount",
-          "triggerSource": "AllResults"
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": true,
-      "playbook": ""
+      "groupNotifications": false,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS Classic Load Balancer - High 4XX Errors",
-      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+      "name": "Amazon RDS - High Read Latency",
+      "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1537,43 +1765,42 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
-        },
-        {
-          "rowId": "B",
-          "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace"
-        },
-        {
-          "rowId": "C",
-          "query": "#A * 100 / #B along loadbalancername, account, region, namespace"
+          "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "MetricsStaticCondition",
+          "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
-          "occurrenceType": "Always"
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         },
         {
-          "detectionMethod": "MetricsStaticCondition",
+          "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
-          "occurrenceType": "Always"
+          "field": null,
+          "occurrenceType": "Always",
+          "triggerSource": "AnyTimeSeries"
         }
       ],
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon RDS - High CPU Utilization",
-      "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.",
+      "name": "AWS DynamoDB - High Account Provisioned Read Capacity",
+      "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1583,15 +1810,16 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+          "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 80,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -1600,8 +1828,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 85,
+          "threshold": 80,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -1611,11 +1840,12 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "Amazon RDS - High Disk Queue Depth",
-      "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.",
+      "name": "AWS SNS - Failed Notifications",
+      "description": "This alert fires where there are many failed notifications (>=5) within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1625,39 +1855,38 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
+          "query": "account=* region=* namespace=aws/sns TopicName=* metric=NumberOfNotificationsFailed Statistic=Sum | sum by account, region, TopicName"
         }
       ],
       "triggers": [
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "MetricsStaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "Always"
         },
         {
-          "detectionMethod": "StaticCondition",
+          "detectionMethod": "MetricsStaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
           "threshold": 5,
           "thresholdType": "LessThan",
-          "field": null,
-          "occurrenceType": "Always",
-          "triggerSource": "AnyTimeSeries"
+          "occurrenceType": "Always"
         }
       ],
       "notifications": [],
       "isDisabled": true,
-      "groupNotifications": false,
-      "playbook": ""
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
     },
     {
-      "name": "AWS DynamoDB - High Account Provisioned Read Capacity",
-      "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+      "name": "AWS Application Load Balancer - High 5XX Errors",
+      "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
       "type": "MonitorsLibraryMonitorExport",
       "monitorType": "Metrics",
       "evaluationDelay": "0m",
@@ -1667,15 +1896,24 @@
       "queries": [
         {
           "rowId": "A",
-          "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+          "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+        },
+        {
+          "rowId": "B",
+          "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+        },
+        {
+          "rowId": "C",
+          "query": "#A * 100 / #B along loadbalancer, account, region, namespace"
         }
       ],
       "triggers": [
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "Critical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
+          "threshold": 5,
           "thresholdType": "GreaterThanOrEqual",
           "field": null,
           "occurrenceType": "Always",
@@ -1684,8 +1922,9 @@
         {
           "detectionMethod": "StaticCondition",
           "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
           "timeRange": "-5m",
-          "threshold": 80,
+          "threshold": 5,
           "thresholdType": "LessThan",
           "field": null,
           "occurrenceType": "Always",
@@ -1695,7 +1934,8 @@
       "notifications": [],
       "isDisabled": true,
       "groupNotifications": false,
-      "playbook": ""
+      "playbook": "",
+      "sloId": null
     }
   ]
-}
+}
\ No newline at end of file
diff --git a/aws-observability/json/Sns-App.json b/aws-observability/json/Sns-App.json
index 1c844430..40aaeedc 100644
--- a/aws-observability/json/Sns-App.json
+++ b/aws-observability/json/Sns-App.json
@@ -1,6 +1,6 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "Amazon - SNS",
+    "name": "AWS - SNS",
     "description": "The Sumo Logic App for Amazon SNS is a unified logs and metrics App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.",
     "children": [
         {
@@ -39,47 +39,71 @@
                 "layoutStructures": [
                     {
                         "key": "panel82FC587B9BACF941",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":11}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
                     },
                     {
                         "key": "panelPANE-A3ADC6ED8EDF2B4C",
-                        "structure": "{\"height\":4,\"width\":6,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":4,\"x\":0,\"y\":0}"
                     },
                     {
                         "key": "panel1FA1906D834C9B46",
-                        "structure": "{\"height\":4,\"width\":6,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":4,\"x\":8,\"y\":0}"
                     },
                     {
                         "key": "panel815D399A933C5940",
-                        "structure": "{\"height\":4,\"width\":6,\"x\":18,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":4,\"x\":12,\"y\":0}"
                     },
                     {
                         "key": "panel81AC01C88E6C8B46",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":11}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
                     },
                     {
                         "key": "panel5DD1E582BAA4A84F",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":17}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
                     },
                     {
                         "key": "panel71CB92F989A1D84E",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":17}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
                     },
                     {
-                        "key": "panelB60F8DEDAEA58B42",
-                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":4}"
+                        "key": "panel27A5906DA65FE84B",
+                        "structure": "{\"height\":4,\"width\":4,\"x\":4,\"y\":0}"
                     },
                     {
-                        "key": "panel5BAB854CBFE61843",
-                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":4}"
+                        "key": "panel99D65C5790DDC84F",
+                        "structure": "{\"height\":4,\"width\":4,\"x\":16,\"y\":0}"
                     },
                     {
-                        "key": "panelD1555A7CB4485845",
-                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":4}"
+                        "key": "panel7A322D0F90151B43",
+                        "structure": "{\"height\":4,\"width\":4,\"x\":20,\"y\":0}"
                     },
                     {
-                        "key": "panel27A5906DA65FE84B",
-                        "structure": "{\"height\":4,\"width\":6,\"x\":6,\"y\":0}"
+                        "key": "panelA614CFEEBC15684C",
+                        "structure": "{\"height\":4,\"width\":3,\"x\":12,\"y\":4}"
+                    },
+                    {
+                        "key": "panel414125AAA91E8849",
+                        "structure": "{\"height\":4,\"width\":3,\"x\":15,\"y\":4}"
+                    },
+                    {
+                        "key": "panel3A4637E1B0D62947",
+                        "structure": "{\"height\":4,\"width\":4,\"x\":4,\"y\":4}"
+                    },
+                    {
+                        "key": "panel795D287F84AD4B47",
+                        "structure": "{\"height\":4,\"width\":4,\"x\":8,\"y\":4}"
+                    },
+                    {
+                        "key": "panel8FAE4AE5AB220B45",
+                        "structure": "{\"height\":4,\"width\":4,\"x\":0,\"y\":4}"
+                    },
+                    {
+                        "key": "panel53EF06C4A2B08A4A",
+                        "structure": "{\"height\":4,\"width\":3,\"x\":18,\"y\":4}"
+                    },
+                    {
+                        "key": "panel9B5290EA9C1C1849",
+                        "structure": "{\"height\":4,\"width\":3,\"x\":21,\"y\":4}"
                     }
                 ]
             },
@@ -87,7 +111,7 @@
                 {
                     "id": null,
                     "key": "panel82FC587B9BACF941",
-                    "title": "Message Publish Size (Today , Yesterday , Last Week)",
+                    "title": "Message Publish Size (Today, Yesterday, Last Week)",
                     "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"hiddenQueryKeys\":[],\"overrides\":[{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"D\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"E\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size (Bytes)\"},\"axisX\":{\"title\":\"\"}}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -141,7 +165,7 @@
                     "id": null,
                     "key": "panelPANE-A3ADC6ED8EDF2B4C",
                     "title": "Messages Published",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Messages\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Messages\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -168,7 +192,7 @@
                     "id": null,
                     "key": "panel1FA1906D834C9B46",
                     "title": "Notifications Delivered",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -221,7 +245,7 @@
                 {
                     "id": null,
                     "key": "panel81AC01C88E6C8B46",
-                    "title": "Messages Published (Today,Yesterday,Last Week)",
+                    "title": "Messages Published (Today, Yesterday, Last Week)",
                     "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Messages\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -274,7 +298,7 @@
                 {
                     "id": null,
                     "key": "panel5DD1E582BAA4A84F",
-                    "title": "Notifications Delivered (Today,Yesterday,Last Week)",
+                    "title": "Notifications Delivered (Today, Yesterday, Last Week)",
                     "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -327,7 +351,7 @@
                 {
                     "id": null,
                     "key": "panel71CB92F989A1D84E",
-                    "title": "Notifications Failed (Today,Yesterday,Last Week) ",
+                    "title": "Notifications Failed (Today, Yesterday, Last Week) ",
                     "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -379,15 +403,95 @@
                 },
                 {
                     "id": null,
-                    "key": "panelB60F8DEDAEA58B42",
-                    "title": "Messages Published by TopicName",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Messages Published\"}}]}",
+                    "key": "panel27A5906DA65FE84B",
+                    "title": "Avg Message Size",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"Bytes\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel99D65C5790DDC84F",
+                    "title": "Failure Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false},\"hiddenQueryKeys\":[\"A\",\"B\"]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum \n\n",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum \n",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#B/(#A+#B)*100",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7A322D0F90151B43",
+                    "title": "Delivery Rate",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false},\"hiddenQueryKeys\":[\"A\",\"B\"]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum \n\n",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -397,6 +501,32 @@
                             "parseMode": "Auto",
                             "timeSource": "Message",
                             "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum \n",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A/(#A+#B)*100",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -406,15 +536,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel5BAB854CBFE61843",
-                    "title": "Notifications Delivered by TopicName",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Notifications Delivered\"}}]}",
+                    "key": "panelA614CFEEBC15684C",
+                    "title": "Notifications Redriven To Dlq",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by TopicName ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsRedrivenToDlq Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -433,15 +563,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panelD1555A7CB4485845",
-                    "title": "Notifications Failed by TopicName ",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Notifications Failed\"}}]}",
+                    "key": "panel414125AAA91E8849",
+                    "title": "Notifications Failed to Redrive to Dlq",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by TopicName ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailedToRedriveToDlq Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -460,15 +590,123 @@
                 },
                 {
                     "id": null,
-                    "key": "panel27A5906DA65FE84B",
-                    "title": "Avg Message Size",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"Bytes\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "key": "panel3A4637E1B0D62947",
+                    "title": "Notifications Filtered Out-InvalidAttributes",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut-InvalidAttributes Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel795D287F84AD4B47",
+                    "title": "Notifications Filtered Out- No Message Attributes",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut-NoMessageAttributes   Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8FAE4AE5AB220B45",
+                    "title": "Notifications Filtered Out",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel53EF06C4A2B08A4A",
+                    "title": "SMS Success Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"SMS\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SMSSuccessRate Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9B5290EA9C1C1849",
+                    "title": "SMS Month To Date Spent USD",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"USD\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SMSMonthToDateSpentUSD Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -626,7 +864,7 @@
                         "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
                     },
                     {
-                        "key": "panel8E54E5239FF80A4D",
+                        "key": "panel46CCAA8DAA25C848",
                         "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":12}"
                     }
                 ]
@@ -695,7 +933,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -722,7 +960,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count \n",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count \n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -749,7 +987,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count,event_status asc",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count,event_status asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -776,7 +1014,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_name\n| sort by _count,event_name asc\n",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_name\n| sort by _count,event_name asc\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -803,7 +1041,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as eventCount by user, event_name\n| transpose row user column event_name",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as eventCount by user, event_name\n| transpose row user column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -982,14 +1220,14 @@
                 {
                     "id": null,
                     "key": "panel2C1AFF3CADD60947",
-                    "title": "Events by TopicName",
+                    "title": "Events by Topic Name",
                     "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| timeslice 1h\n| count as event_count by _timeslice, topic_name\n| transpose row _timeslice column topic_name",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| timeslice 1h\n| count as event_count by _timeslice, topicname\n| transpose row _timeslice column topicname",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1010,16 +1248,16 @@
                     "id": null,
                     "key": "panelPANE-88E3C816ADF55B44",
                     "title": "CloudTrail Audit Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#b6b3b3\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
                 },
                 {
                     "id": null,
-                    "key": "panel8E54E5239FF80A4D",
+                    "key": "panel46CCAA8DAA25C848",
                     "title": "SNS Metrics",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#b6b3b3\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
                     "text": ""
@@ -1134,7 +1372,7 @@
                     },
                     {
                         "key": "panel63133FE7966C3B44",
-                        "structure": "{\"height\":7,\"width\":6,\"x\":5,\"y\":15}"
+                        "structure": "{\"height\":7,\"width\":6,\"x\":5,\"y\":21}"
                     },
                     {
                         "key": "panelA3841CC48DC37A4E",
@@ -1142,19 +1380,19 @@
                     },
                     {
                         "key": "panel08DA60FCB6CBA94F",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":15}"
+                        "structure": "{\"height\":7,\"width\":5,\"x\":0,\"y\":21}"
                     },
                     {
                         "key": "panel554DCC97A661E840",
-                        "structure": "{\"height\":6,\"width\":13,\"x\":11,\"y\":15}"
+                        "structure": "{\"height\":7,\"width\":13,\"x\":11,\"y\":21}"
                     },
                     {
                         "key": "panel8BD78A42A42E2941",
-                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":21}"
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":15}"
                     },
                     {
                         "key": "panel04C58849BF85EA40",
-                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":22}"
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":15}"
                     },
                     {
                         "key": "panelEB163726B40EDB42",
@@ -1174,7 +1412,7 @@
                     },
                     {
                         "key": "panelB3E1C834A1026A43",
-                        "structure": "{\"height\":6,\"width\":14,\"x\":9,\"y\":34}"
+                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":34}"
                     }
                 ]
             },
@@ -1189,7 +1427,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1216,7 +1454,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1243,7 +1481,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count, event_status asc",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop | json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count, event_status asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1270,7 +1508,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by error_code \n| top 10 error_code by event_count\n",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by error_code \n| top 10 error_code by event_count\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1297,7 +1535,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count by _timeslice, event_status\n| fillmissing timeslice(1d), values (\"Success\", \"Failure\") in event_status\n| transpose row _timeslice column event_status",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count by _timeslice, event_status\n| fillmissing timeslice(1d), values (\"Success\", \"Failure\") in event_status\n| transpose row _timeslice column event_status",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1324,7 +1562,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1351,7 +1589,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountid, user, type\n| sort by _timeslice",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1378,7 +1616,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1405,7 +1643,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, name, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1432,7 +1670,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user\n| top 10 user by event_count",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user\n| top 10 user by event_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1459,7 +1697,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user, event_name\n| transpose row user column event_name",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user, event_name\n| transpose row user column event_name",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1486,7 +1724,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name\n| top 10 topic_name by event_count, topic_name asc",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| count as event_count by topicname\n| top 10 topicname by event_count, topicname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1513,7 +1751,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name\n",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1540,7 +1778,484 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name, event_name\n| transpose row topic_name column event_name",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name, event_name\n| transpose row topic_name column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3. Amazon SNS - Threat Intel",
+            "description": "",
+            "title": "3. Amazon SNS - Threat Intel",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel9724CE95BF93284E",
+                        "structure": "{\"height\":12,\"width\":9,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-EF5A8C1DA61C1940",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":9,\"y\":0}"
+                    },
+                    {
+                        "key": "panel55B0B116B41A8B41",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":15,\"y\":0}"
+                    },
+                    {
+                        "key": "panel93F3942D894F494E",
+                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":6}"
+                    },
+                    {
+                        "key": "panel587D1A2C81DA4947",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel9724CE95BF93284E",
+                    "title": "Threat Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isnull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-EF5A8C1DA61C1940",
+                    "title": "All IP Threat Count",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"label\":\"Threats\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| sum(ip_count) as threat_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel55B0B116B41A8B41",
+                    "title": "Malicious Confidence",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| count as Threats by malicious_confidence\n| sort by Threats, malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel93F3942D894F494E",
+                    "title": "Highly Malicious IP Threats Table",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, user_type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user_type, username) as user_type\n| count as ip_count by src_ip, event_name, region, accountid,user_type\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| sort by ip_count\n| fields src_ip, event_name, region, accountid, user_type, actor, malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel587D1A2C81DA4947",
+                    "title": "All IP Threats Table",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, user_type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user_type, username) as user_type\n| count as ip_count by src_ip, event_name, region, accountid,user_type\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and !isNull(malicious_confidence)\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| sort by ip_count\n| sum(ip_count) as threat_count by src_ip, event_name, region, accountid, user_type, malicious_confidence, actor, label_name\n| sort by malicious_confidence",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4. Amazon SNS - Audit Events Details",
+            "description": "",
+            "title": "4. Amazon SNS - Audit Events Details",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel04C58849BF85EA40",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelC8C6B83597FE3847",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":7,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel0DFBD478BF18BA43",
+                        "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":7,\"minHeight\":3,\"minWidth\":3}"
+                    },
+                    {
+                        "key": "panel9D704C229408EB46",
+                        "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":0,\"minHeight\":3,\"minWidth\":3}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel04C58849BF85EA40",
+                    "title": "Create/Delete Topic Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" (CreateTopic or DeleteTopic)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and (event_name= \"CreateTopic\" or event_name= \"DeleteTopic\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice\n| limit 100\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8C6B83597FE3847",
+                    "title": "Read Only Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" (Get* or List* or Verify*)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and (event_name matches \"List*\" or event_name matches \"Get*\" or event_name matches \"Verify*\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0DFBD478BF18BA43",
+                    "title": "Non Read Only Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" \n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !(event_name matches \"List*\") and !(event_name matches \"Get*\") and !(event_name matches \"Verify*\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9D704C229408EB46",
+                    "title": "Subscription Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" (ConfirmSubscription or Subscribe or Unsubscribe)\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and (event_name= \"ConfirmSubscription\" or event_name= \"Subscribe\" or event_name= \"Unsubscribe\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,

From dd7ee36083f421ed85d9c9daf7f5f601556d4371 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Tue, 5 Jul 2022 19:51:31 +0530
Subject: [PATCH 58/82] Separating out all FERs to single file

---
 .../app-modules/alb/app.tf                    |  25 +-
 .../app-modules/apigateway/app.tf             |  26 +-
 .../app-modules/dynamodb/app.tf               |  25 +-
 .../app-modules/ec2metrics/app.tf             |  35 +--
 .../app-modules/ecs/app.tf                    |  26 +-
 .../app-modules/elasticache/app.tf            |  26 +-
 .../app-modules/elb/app.tf                    |  16 +-
 .../app-modules/lambda/app.tf                 |  53 +---
 .../app-modules/rds/app.tf                    |  31 +--
 .../app-modules/sns/app.tf                    |  30 +--
 aws-observability-terraform/field.tf          | 228 ++++++++++++++++++
 11 files changed, 239 insertions(+), 282 deletions(-)

diff --git a/aws-observability-terraform/app-modules/alb/app.tf b/aws-observability-terraform/app-modules/alb/app.tf
index 5568e062..a7304179 100644
--- a/aws-observability-terraform/app-modules/alb/app.tf
+++ b/aws-observability-terraform/app-modules/alb/app.tf
@@ -7,30 +7,7 @@ module "alb_module" {
 
   # ********************** No Metric Rules for ALB ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "LoadBalancer" = {
-  #     field_name = "loadbalancer"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "AlbAccessLogsFieldExtractionRule" = {
-      name             = "AwsObservabilityAlbAccessLogsFER"
-      scope            = "account=* region=* (http or https or h2 or grpcs or ws or wss)"
-      parse_expression = <<EOT
-              | parse "* * * * * * * * * * * * \"*\" \"*\" * * * \"*\"" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId
-              | where Type in ("http", "https", "h2", "grpcs", "ws", "wss")
-              | where !isBlank(loadbalancer)
-              | "aws/applicationelb" as namespace
-              | tolowercase(loadbalancer) as loadbalancer | fields loadbalancer, namespace
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/apigateway/app.tf b/aws-observability-terraform/app-modules/apigateway/app.tf
index b2bd7e17..ede13b35 100644
--- a/aws-observability-terraform/app-modules/apigateway/app.tf
+++ b/aws-observability-terraform/app-modules/apigateway/app.tf
@@ -7,31 +7,7 @@ module "apigateway_module" {
 
   # ********************** No Metric Rules for API Gateway ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "APIName" = {
-  #     field_name = "apiname"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityApiGatewayCloudTrailLogsFER"
-      scope            = "account=* eventname eventsource \"apigateway.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "responseElements", "recipientAccountId" as eventSource, region, responseElements, accountid nodrop
-              | where eventSource = "apigateway.amazonaws.com"
-              | "aws/apigateway" as namespace
-              | json field=responseElements "name" as ApiName nodrop
-              | tolowercase(ApiName) as apiname
-              | fields region, namespace, apiname, accountid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/dynamodb/app.tf b/aws-observability-terraform/app-modules/dynamodb/app.tf
index b98a6ef5..b931de8e 100644
--- a/aws-observability-terraform/app-modules/dynamodb/app.tf
+++ b/aws-observability-terraform/app-modules/dynamodb/app.tf
@@ -7,30 +7,7 @@ module "dynamodb_module" {
 
   # ********************** No Metric Rules for DynamoDB ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "TableName" = {
-  #     field_name = "tablename"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityDynamoDBCloudTrailLogsFER"
-      scope            = "account=* eventname eventsource \"dynamodb.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters.tableName", "recipientAccountId" as eventSource, region, tablename, accountid nodrop
-              | where eventSource = "dynamodb.amazonaws.com"
-              | "aws/dynamodb" as namespace
-              | tolowercase(tablename) as tablename
-              | fields region, namespace, tablename, accountid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/ec2metrics/app.tf b/aws-observability-terraform/app-modules/ec2metrics/app.tf
index a00b39e9..38a67edb 100644
--- a/aws-observability-terraform/app-modules/ec2metrics/app.tf
+++ b/aws-observability-terraform/app-modules/ec2metrics/app.tf
@@ -7,40 +7,7 @@ module "ec2metrics_module" {
 
   # ********************** No Metric Rules for EC2 Metrics ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "InstanceId" = {
-  #     field_name = "instanceid"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs (for EC2 CloudTrail Logs) ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityEC2CloudTrailLogsFER"
-      scope            = "account=* eventname eventsource \"ec2.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
-              | where eventSource = "ec2.amazonaws.com"
-              | "aws/ec2" as namespace
-              | json field=requestParameters "instanceType", "instancesSet", "instanceId", "DescribeInstanceCreditSpecificationsRequest.InstanceId.content" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop
-              | json field=req_instancesSet "item", "items" as req_instancesSet_item, req_instancesSet_items nodrop
-              | parse regex field=req_instancesSet_item "\"instanceId\":\s*\"(?<req_instanceid_3>.*?)\"" nodrop
-              | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?<req_instanceid_4>.*?)\"" nodrop
-              | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop
-              | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?<res_instanceType>.*?)\"" nodrop
-              | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?<res_instanceid>.*?)\"" nodrop
-              | if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as req_instanceid
-              | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid
-              | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType 
-              | tolowercase(instanceid) as instanceid
-              | fields region, namespace, accountid, instanceid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/ecs/app.tf b/aws-observability-terraform/app-modules/ecs/app.tf
index 06c688fe..07e9d142 100644
--- a/aws-observability-terraform/app-modules/ecs/app.tf
+++ b/aws-observability-terraform/app-modules/ecs/app.tf
@@ -7,31 +7,7 @@ module "ecs_module" {
 
   # ********************** No Metric Rules for ECS ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "ClusterName" = {
-  #     field_name = "clustername"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityECSCloudTrailLogsFER"
-      scope            = "account=* eventname eventsource \"ecs.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
-              | json field=requestParameters "cluster" as clustername nodrop
-              | where eventSource = "ecs.amazonaws.com"
-              | "aws/ecs" as namespace
-              | tolowercase(clustername) as clustername
-              | fields region, namespace, clustername, accountid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/elasticache/app.tf b/aws-observability-terraform/app-modules/elasticache/app.tf
index 0f6ece76..34bb11c9 100644
--- a/aws-observability-terraform/app-modules/elasticache/app.tf
+++ b/aws-observability-terraform/app-modules/elasticache/app.tf
@@ -7,31 +7,7 @@ module "elasticache_module" {
 
   # ********************** No Metric Rules for Elasticache ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "CacheClusterId" = {
-  #     field_name = "cacheclusterid"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityElastiCacheCloudTrailLogsFER"
-      scope            = "account=* eventname eventsource \"elasticache.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
-              | where eventSource = "elasticache.amazonaws.com"
-              | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
-              | "aws/elasticache" as namespace
-              | tolowercase(cacheclusterid) as cacheclusterid
-              | fields region, namespace, cacheclusterid, accountid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/elb/app.tf b/aws-observability-terraform/app-modules/elb/app.tf
index 8c59ad21..a719a7da 100644
--- a/aws-observability-terraform/app-modules/elb/app.tf
+++ b/aws-observability-terraform/app-modules/elb/app.tf
@@ -5,21 +5,7 @@ module "classic_elb_module" {
   access_key  = var.access_key
   environment = var.environment
 
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "ElbAccessLogsFieldExtractionRule" = {
-      name             = "AwsObservabilityElbAccessLogsFER"
-      scope            = "account=* region=*"
-      parse_expression = <<EOT
-        | parse "* * * * * * * * * * * \"*\" \"*\" * *" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol
-        | parse regex field=datetime "(?<datetimevalue>\d{0,4}-\d{0,2}-\d{0,2}T\d{0,2}:\d{0,2}:\d{0,2}\.\d+Z)" 
-        | where !isBlank(loadbalancername) and !isBlank(datetimevalue)
-        | "aws/elb" as namespace
-        | tolowercase(loadbalancername) as loadbalancername | fields loadbalancername, namespace
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/lambda/app.tf b/aws-observability-terraform/app-modules/lambda/app.tf
index f8b8a55c..d049a830 100644
--- a/aws-observability-terraform/app-modules/lambda/app.tf
+++ b/aws-observability-terraform/app-modules/lambda/app.tf
@@ -7,58 +7,7 @@ module "lambda_module" {
 
   # ********************** No Metric Rules for Lambda ********************** #
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "FunctionName" = {
-  #     field_name = "functionname"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityFieldExtractionRule"
-      scope            = "account=* eventname eventsource \"lambda.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
-              | where eventSource = "lambda.amazonaws.com"
-              | json field=requestParameters "functionName", "resource" as functionname, resource nodrop
-              | parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
-              | parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
-              | if (isEmpty(functionname), functionname2, functionname) as functionname
-              | "aws/lambda" as namespace
-              | tolowercase(functionname) as functionname
-              | fields region, namespace, functionname, accountid
-      EOT
-      enabled          = true
-    },
-    "CloudWatchFieldExtractionRule" = {
-      name             = "AwsObservabilityLambdaCloudWatchLogsFER"
-      scope            = "account=* region=* _sourceHost=/aws/lambda/*"
-      parse_expression = <<EOT
-              | parse field=_sourceHost "/aws/lambda/*" as functionname
-              | tolowercase(functionname) as functionname
-              | "aws/lambda" as namespace
-              | fields functionname, namespace
-      EOT
-      enabled          = true
-    },
-    "GenericCloudWatchLogsFieldExtractionRule" = {
-      name             = "AwsObservabilityGenericCloudWatchLogsFER"
-      scope            = "account=* region=* _sourceHost=/aws/*"
-      parse_expression = <<EOT
-              | "unknown" as namespace
-              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
-              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
-              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
-              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
-              | fields namespace
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/rds/app.tf b/aws-observability-terraform/app-modules/rds/app.tf
index dd182d4e..19c09cb6 100644
--- a/aws-observability-terraform/app-modules/rds/app.tf
+++ b/aws-observability-terraform/app-modules/rds/app.tf
@@ -32,36 +32,7 @@ module "rds_module" {
     }
   }
 
-  # ********************** Fields ********************** #
-  # managed_fields = {
-  #   "DBIdentifier" = {
-  #     field_name = "dbidentifier"
-  #     data_type  = "String"
-  #     state      = true
-  #   }
-  # }
-
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "CloudTrailFieldExtractionRule" = {
-      name             = "AwsObservabilityRdsCloudTrailLogsFER"
-      scope            = "account=* eventname eventsource \"rds.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
-              | where eventSource = "rds.amazonaws.com"
-              | "aws/rds" as namespace
-              | json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop
-              | json field=responseElements "dBInstanceIdentifier" as dBInstanceIdentifier3 nodrop | json field=responseElements "dBClusterIdentifier" as dBClusterIdentifier3 nodrop
-              | parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName "arn:aws:rds:*:cluster:*" as f1, dBClusterIdentifier2 nodrop
-              | if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier
-              | if (resourceName matches "arn:aws:rds:*:cluster:*", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier
-              | if (isEmpty(dBInstanceIdentifier), dBClusterIdentifier, dBInstanceIdentifier) as dbidentifier
-              | tolowercase(dbidentifier) as dbidentifier
-              | fields region, namespace, dBInstanceIdentifier, dBClusterIdentifier, dbidentifier, accountid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
 
   # ********************** Apps ********************** #
   managed_apps = {
diff --git a/aws-observability-terraform/app-modules/sns/app.tf b/aws-observability-terraform/app-modules/sns/app.tf
index 713a3a9a..b3ca6a02 100644
--- a/aws-observability-terraform/app-modules/sns/app.tf
+++ b/aws-observability-terraform/app-modules/sns/app.tf
@@ -7,34 +7,8 @@ module "sns_module" {
 
   # ********************** No Metric Rules for SNS ********************** #
 
-  # ********************** Fields ********************** #
-  /***
-   managed_fields = {
-     "TopicName" = {
-       field_name = "topicname"
-       data_type  = "String"
-       state      = true
-     }
-   }
-***/
-  # ********************** FERs ********************** #
-  managed_field_extraction_rules = {
-    "SnsCloudTrailLogsFieldExtractionRule" = {
-      name             = "AwsObservabilitySNSCloudTrailLogsFER"
-      scope            = "_sourcecategory=*cloudtrail* \"sns.amazonaws.com\""
-      parse_expression = <<EOT
-              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
-              | json field=requestParameters "topicArn" as req_topicarn nodrop
-              | json field=responseElements "topicArn" as res_topicarn nodrop
-              | if (isBlank(req_topicarn), res_topicarn, req_topicarn) as topicarn
-              | parse field=topicarn "arn:aws:sns:*:*:*" as r, acctid, topicname nodrop
-              | where eventSource = "sns.amazonaws.com"
-              | "aws/sns" as namespace
-              | fields region, namespace, topicname, accountid
-      EOT
-      enabled          = true
-    }
-  }
+  # ********************** Required Fields and FERs are created at aws-observability-terraform/field.tf ********************** #
+  
   # ********************** Apps ********************** #
   managed_apps = {
     "SNSApp" = {
diff --git a/aws-observability-terraform/field.tf b/aws-observability-terraform/field.tf
index 659ed0e0..11b5838f 100644
--- a/aws-observability-terraform/field.tf
+++ b/aws-observability-terraform/field.tf
@@ -1,3 +1,8 @@
+# Wait resource
+resource "time_sleep" "wait_for_10_seconds" {
+  create_duration = "10s"
+}
+
 # common fields
 resource "sumologic_field" "account" {
     data_type  = "String"
@@ -95,10 +100,233 @@ resource "sumologic_field" "dbidentifier" {
     field_name = "dbidentifier"
     state      = "Enabled"
 }
+resource "sumologic_field" "dbclusteridentifier" {
+    data_type  = "String"
+    field_name = "dbclusteridentifier"
+    state      = "Enabled"
+}
+resource "sumologic_field" "dbinstanceidentifier" {
+    data_type  = "String"
+    field_name = "dbinstanceidentifier"
+    state      = "Enabled"
+}
 
 # Used in SNS
 resource "sumologic_field" "topicname" {
     data_type  = "String"
     field_name = "topicname"
     state      = "Enabled"
+}
+
+# ALB access log FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityAlbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityAlbAccessLogsFER"
+      scope = "account=* region=* (http or https or h2 or grpcs or ws or wss)"
+      parse_expression = <<EOT
+              | parse "* * * * * * * * * * * * \"*\" \"*\" * * * \"*\"" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId
+              | where Type in ("http", "https", "h2", "grpcs", "ws", "wss")
+              | where !isBlank(loadbalancer)
+              | "aws/applicationelb" as namespace
+              | tolowercase(loadbalancer) as loadbalancer | fields loadbalancer, namespace
+      EOT
+      enabled = true
+}
+
+# API Gateway CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityApiGatewayCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityApiGatewayCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"apigateway.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "responseElements", "recipientAccountId" as eventSource, region, responseElements, accountid nodrop
+              | where eventSource = "apigateway.amazonaws.com"
+              | "aws/apigateway" as namespace
+              | json field=responseElements "name" as ApiName nodrop
+              | tolowercase(ApiName) as apiname
+              | fields region, namespace, apiname, accountid
+      EOT
+      enabled = true
+}
+
+# DynamoDB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityDynamoDBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityDynamoDBCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"dynamodb.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.tableName", "recipientAccountId" as eventSource, region, tablename, accountid nodrop
+              | where eventSource = "dynamodb.amazonaws.com"
+              | "aws/dynamodb" as namespace
+              | tolowercase(tablename) as tablename
+              | fields region, namespace, tablename, accountid
+      EOT
+      enabled = true
+}
+
+# EC2 CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityEC2CloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityEC2CloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ec2.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "ec2.amazonaws.com"
+              | "aws/ec2" as namespace
+              | json field=requestParameters "instanceType", "instancesSet", "instanceId", "DescribeInstanceCreditSpecificationsRequest.InstanceId.content" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop
+              | json field=req_instancesSet "item", "items" as req_instancesSet_item, req_instancesSet_items nodrop
+              | parse regex field=req_instancesSet_item "\"instanceId\":\s*\"(?<req_instanceid_3>.*?)\"" nodrop
+              | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?<req_instanceid_4>.*?)\"" nodrop
+              | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop
+              | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?<res_instanceType>.*?)\"" nodrop
+              | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?<res_instanceid>.*?)\"" nodrop
+              | if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as req_instanceid
+              | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid
+              | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType 
+              | tolowercase(instanceid) as instanceid
+              | fields region, namespace, accountid, instanceid
+      EOT
+      enabled = true
+}
+
+# ECS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityECSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityECSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ecs.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | json field=requestParameters "cluster" as clustername nodrop
+              | where eventSource = "ecs.amazonaws.com"
+              | "aws/ecs" as namespace
+              | tolowercase(clustername) as clustername
+              | fields region, namespace, clustername, accountid
+      EOT
+      enabled = true
+}
+
+# ElasticCache CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElastiCacheCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElastiCacheCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"elasticache.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
+              | where eventSource = "elasticache.amazonaws.com"
+              | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
+              | "aws/elasticache" as namespace
+              | tolowercase(cacheclusterid) as cacheclusterid
+              | fields region, namespace, cacheclusterid, accountid
+      EOT
+      enabled = true
+}
+
+# CLB Access Logs FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElbAccessLogsFER"
+      scope = "account=* region=*"
+      parse_expression = <<EOT
+        | parse "* * * * * * * * * * * \"*\" \"*\" * *" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol
+        | parse regex field=datetime "(?<datetimevalue>\d{0,4}-\d{0,2}-\d{0,2}T\d{0,2}:\d{0,2}:\d{0,2}\.\d+Z)" 
+        | where !isBlank(loadbalancername) and !isBlank(datetimevalue)
+        | "aws/elb" as namespace
+        | tolowercase(loadbalancername) as loadbalancername | fields loadbalancername, namespace
+      EOT
+      enabled = true
+}
+
+# Lambda CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityFieldExtractionRule" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityFieldExtractionRule"
+      scope = "account=* eventname eventsource \"lambda.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | where eventSource = "lambda.amazonaws.com"
+              | json field=requestParameters "functionName", "resource" as functionname, resource nodrop
+              | parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
+              | parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
+              | if (isEmpty(functionname), functionname2, functionname) as functionname
+              | "aws/lambda" as namespace
+              | tolowercase(functionname) as functionname
+              | fields region, namespace, functionname, accountid
+      EOT
+      enabled = true
+}
+
+# Lambda CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityLambdaCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityLambdaCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/lambda/*"
+      parse_expression = <<EOT
+              | parse field=_sourceHost "/aws/lambda/*" as functionname
+              | tolowercase(functionname) as functionname
+              | "aws/lambda" as namespace
+              | fields functionname, namespace
+      EOT
+      enabled = true
+}
+
+# Generic CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityGenericCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityGenericCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/*"
+      parse_expression = <<EOT
+              | "unknown" as namespace
+              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
+              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
+              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
+              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
+              | fields namespace
+      EOT
+      enabled = true
+}
+
+# RDS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityRdsCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityRdsCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"rds.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "rds.amazonaws.com"
+              | "aws/rds" as namespace
+              | json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop
+              | json field=responseElements "dBInstanceIdentifier" as dBInstanceIdentifier3 nodrop | json field=responseElements "dBClusterIdentifier" as dBClusterIdentifier3 nodrop
+              | parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName "arn:aws:rds:*:cluster:*" as f1, dBClusterIdentifier2 nodrop
+              | if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier
+              | if (resourceName matches "arn:aws:rds:*:cluster:*", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier
+              | if (isEmpty(dBInstanceIdentifier), dBClusterIdentifier, dBInstanceIdentifier) as dbidentifier
+              | tolowercase(dbidentifier) as dbidentifier
+              | fields region, namespace, dBInstanceIdentifier, dBClusterIdentifier, dbidentifier, accountid
+      EOT
+      enabled = true
+}
+
+# SNS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilitySNSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilitySNSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"sns.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop
+              | where event_source = "sns.amazonaws.com"
+              | json field=userIdentity "accountId", "type", "arn", "userName"  as accountid, type, arn, username nodrop
+              | parse field=arn ":assumed-role/*" as user nodrop 
+              | parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop
+              | json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop 
+              | json field=responseElements "topicArn" as res_topic_arn nodrop
+              | if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn
+              | if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn
+              | parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop
+              | parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop
+              | if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname
+              | if (isBlank(accountid), recipient_account_id, accountid) as accountid
+              | "aws/sns" as namespace
+              | fields region, namespace, topicname, accountid
+      EOT
+      enabled = true
 }
\ No newline at end of file

From fd299b54ce718c0bdfa40365133a6f59c98656f2 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Tue, 5 Jul 2022 19:52:12 +0530
Subject: [PATCH 59/82] Updating shell script to import existing FERs

---
 aws-observability-terraform/fields.sh | 38 +++++++++++++++++++--------
 1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/aws-observability-terraform/fields.sh b/aws-observability-terraform/fields.sh
index 5d4d83eb..1505e7d6 100644
--- a/aws-observability-terraform/fields.sh
+++ b/aws-observability-terraform/fields.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 
 # ----------------------------------------------------------------------------------------------------------------------------------------------------------
-# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# This script imports the existing fields and FERs (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
 # For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 # Before using this script, set following environment variables using below commands:
 # export SUMOLOGIC_ENV=""
@@ -22,8 +22,9 @@ else
     SUMOLOGIC_BASE_URL="https://api.${SUMOLOGIC_ENV}.sumologic.com/api/"
 fi
 
-# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
-declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field,FER is added to the solution.
+declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername topicname dbclusteridentifier dbinstanceidentifier)
+declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER)
 
 function get_remaining_fields() {
     local RESPONSE
@@ -83,19 +84,34 @@ if [ $outputVal == 0 ] ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
+    # Get list of all FER present in field schema of user's Sumo Logic org.
+    readonly FER_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/extractionRules | jq '.data[] | del(.parseExpression)' )"
+
+    for FER in "${awso_fer_list[@]}" ; do
+        FER_ID=$( echo "${FER_RESPONSE}" | jq -r "select(.name == \"${FER}\") | .id" )
+        if [[ -z "${FER_ID}" ]]; then
+            # If FER is not present in Sumo org, skip importing
+            continue
+        fi
+        # FER exist in Sumo org, hence import
+        terraform import \
+            sumologic_field_extraction_rule."${FER}" "${FER_ID}"           
+    done
 elif [ $outputVal == 1 ] ; then
-    echo "Couldn't automatically create fields"
-    echo "You do not have enough field capacity to create the required fields automatically."
-    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+    echo "Couldn't automatically create fields and FERS"
+    echo "You do not have enough field capacity to create the required fields and FERS automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields and FERs to free up capacity."
 elif [ $outputVal == 2 ] ; then
-    echo "Error in calling Sumo Logic Fields API."
+    echo "Error in calling Sumo Logic Fields or FER API."
     echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
 elif [ $outputVal == 3 ] ; then
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 else
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 fi
\ No newline at end of file

From c11d97c1e0525fb279d87ef54e721a709c8e3264 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Wed, 6 Jul 2022 17:05:58 +0530
Subject: [PATCH 60/82] CF integration with SNS

---
 .../apps/common/resources.template.yaml       |   2 +-
 .../apps/sns/sns_app.template.yaml            | 223 ++++++++++++++++++
 ...mologic_observability.master.template.yaml |  23 ++
 3 files changed, 247 insertions(+), 1 deletion(-)
 create mode 100755 aws-observability/apps/sns/sns_app.template.yaml

diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml
index 33913dd4..6a58c150 100755
--- a/aws-observability/apps/common/resources.template.yaml
+++ b/aws-observability/apps/common/resources.template.yaml
@@ -700,7 +700,7 @@ Resources:
       ServiceToken: !GetAtt LambdaHelper.Arn
       RemoveOnDeleteStack: false
       HierarchyName: "AWS Observability"
-      HierarchyLevel: {"entityType":"account","nextLevelsWithConditions":[],"nextLevel":{"entityType":"region","nextLevelsWithConditions":[],"nextLevel":{"entityType":"namespace","nextLevelsWithConditions":[{"condition":"AWS/ApplicationElb","level":{"entityType":"loadbalancer","nextLevelsWithConditions":[]}},{"condition":"AWS/ApiGateway","level":{"entityType":"apiname","nextLevelsWithConditions":[]}},{"condition":"AWS/DynamoDB","level":{"entityType":"tablename","nextLevelsWithConditions":[]}},{"condition":"AWS/EC2","level":{"entityType":"instanceid","nextLevelsWithConditions":[]}},{"condition":"AWS/RDS","level":{"entityType":"dbidentifier","nextLevelsWithConditions":[]}},{"condition":"AWS/Lambda","level":{"entityType":"functionname","nextLevelsWithConditions":[]}},{"condition":"AWS/ECS","level":{"entityType":"clustername","nextLevelsWithConditions":[]}},{"condition":"AWS/ElastiCache","level":{"entityType":"cacheclusterid","nextLevelsWithConditions":[]}},{"condition":"AWS/NetworkELB","level":{"entityType":"networkloadbalancer","nextLevelsWithConditions":[]}},{"condition":"AWS/ELB","level":{"entityType":"loadbalancername","nextLevelsWithConditions":[]}}]}}}
+      HierarchyLevel: {"entityType":"account","nextLevelsWithConditions":[],"nextLevel":{"entityType":"region","nextLevelsWithConditions":[],"nextLevel":{"entityType":"namespace","nextLevelsWithConditions":[{"condition":"AWS/ApplicationElb","level":{"entityType":"loadbalancer","nextLevelsWithConditions":[]}},{"condition":"AWS/ApiGateway","level":{"entityType":"apiname","nextLevelsWithConditions":[]}},{"condition":"AWS/DynamoDB","level":{"entityType":"tablename","nextLevelsWithConditions":[]}},{"condition":"AWS/EC2","level":{"entityType":"instanceid","nextLevelsWithConditions":[]}},{"condition":"AWS/RDS","level":{"entityType":"dbidentifier","nextLevelsWithConditions":[]}},{"condition":"AWS/Lambda","level":{"entityType":"functionname","nextLevelsWithConditions":[]}},{"condition":"AWS/ECS","level":{"entityType":"clustername","nextLevelsWithConditions":[]}},{"condition":"AWS/ElastiCache","level":{"entityType":"cacheclusterid","nextLevelsWithConditions":[]}},{"condition":"AWS/NetworkELB","level":{"entityType":"networkloadbalancer","nextLevelsWithConditions":[]}},{"condition":"AWS/ELB","level":{"entityType":"loadbalancername","nextLevelsWithConditions":[]}},{"condition":"AWS/SNS","level":{"entityType":"topicname","nextLevelsWithConditions":[]}}]}}}
       SumoAccessID: !Ref SumoLogicAccessID
       SumoAccessKey: !Ref SumoLogicAccessKey
       SumoDeployment: !Ref SumoLogicDeployment
diff --git a/aws-observability/apps/sns/sns_app.template.yaml b/aws-observability/apps/sns/sns_app.template.yaml
new file mode 100755
index 00000000..f3f1c8e2
--- /dev/null
+++ b/aws-observability/apps/sns/sns_app.template.yaml
@@ -0,0 +1,223 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: 'AWS::Serverless-2016-10-31'
+Description: "Version - v2.5.0: Template to setup the SNS app with AWS and Sumo Logic resources for AWS Observability Solution."
+
+Metadata:
+  'AWS::CloudFormation::Interface':
+    ParameterGroups:
+      - Label:
+          default: "Sumo Logic Access Configuration (Required)"
+        Parameters:
+          - Section1aSumoDeployment
+          - Section1bSumoAccessID
+          - Section1cSumoAccessKey
+          - Section1dRemoveSumoResourcesOnDeleteStack
+          - Section1eOrgId
+
+      - Label:
+          default: "App Details - Sumo Logic App Configuration"
+        Parameters:
+          - Section2aInstallApp
+
+      - Label:
+          default: "App Details - CloudTrail Log Source Configuration"
+        Parameters:
+          - Section3aCloudTrailLogsSourceName
+          - Section3bCloudTrailSourceUpdated
+
+      - Label:
+          default: "Local Parameters. Do Not Edit the values."
+        Parameters:
+          - Section4aParentStackLambdaARN
+          - Section4bTemplatesBucketName
+          - Section4cNestedTemplateVersion
+
+      - Label:
+          default: "App Installation and sharing"
+        Parameters:
+          - Section5aAppInstallLocation
+          - Section5bShare
+
+    ParameterLabels:
+      Section1aSumoDeployment:
+        default: "Sumo Logic Deployment Name"
+      Section1bSumoAccessID:
+        default: "Sumo Logic Access ID"
+      Section1cSumoAccessKey:
+        default: "Sumo Logic Access Key"
+      Section1dRemoveSumoResourcesOnDeleteStack:
+        default: "Delete Sumo Logic Resources when stack is deleted"
+      Section1eOrgId:
+        default: "Sumo Logic Organization Id"
+
+      Section2aInstallApp:
+        default: "Install Sumo Logic App"
+
+      Section3aCloudTrailLogsSourceName:
+        default: "Sumo Logic CloudTrail Logs Source Name"
+      Section3bCloudTrailSourceUpdated:
+        default: "Existing Source Updated"
+
+      Section4aParentStackLambdaARN:
+        default: "If Any, Lambda ARN from parent Stack"
+      Section4bTemplatesBucketName:
+        default: "Nested Templates Bucket Name"
+      Section4cNestedTemplateVersion:
+        default: "Nested Templates Version"
+
+      Section5aAppInstallLocation:
+        default: "App Installation location"
+      Section5bShare:
+        default: "Share"
+
+Parameters:
+  Section1aSumoDeployment:
+    Type: String
+    Default: ""
+    Description: "Enter au, ca, de, eu, jp, us2, in, fed or us1."
+  Section1bSumoAccessID:
+    Type: String
+    Description: "Sumo Logic Access ID. Used for Sumo Logic API calls."
+    AllowedPattern: ".+"
+    ConstraintDescription: "Sumo Logic Access ID can not be empty."
+  Section1cSumoAccessKey:
+    Type: String
+    Description: "Sumo Logic Access Key. Used for Sumo Logic API calls."
+    AllowedPattern: ".+"
+    ConstraintDescription: "Sumo Logic Access Key can not be empty."
+    NoEcho: true
+  Section1dRemoveSumoResourcesOnDeleteStack:
+    AllowedValues:
+      - true
+      - false
+    Default: true
+    Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True.
+                  Deletes the resources created by the stack. Deletion of updated resources will be skipped."
+    Type: String
+  Section1eOrgId:
+    Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page"
+    Type: String
+    AllowedPattern: ".+"
+    ConstraintDescription: "Sumo Logic Organization Id can not be empty."
+
+  Section2aInstallApp:
+    Type: String
+    Description: "Yes - Installs the SNS App for the Sumo Logic AWS Observability Solution.
+                  No - Skips the installation of this app."
+    Default: 'Yes'
+    AllowedValues:
+      - 'Yes'
+      - 'No'
+
+  Section3aCloudTrailLogsSourceName:
+    Type: String
+    Description: Change the CloudTrail Source name to be created else default name will be used.
+    Default: ""
+  Section3bCloudTrailSourceUpdated:
+    Type: String
+    Description: "Yes - If fields are added to the existing source.
+                  No - If a new source was created."
+    Default: 'No'
+    AllowedValues:
+      - 'Yes'
+      - 'No'
+
+  Section4aParentStackLambdaARN:
+    Type: String
+    Default: "ParentStackLambdaARN"
+    Description: Parent Stack Lambda ARN. Do Not Edit the value.
+  Section4bTemplatesBucketName:
+    Type: String
+    AllowedPattern: ".+"
+    Description: Bucket Name for all the nested templates.
+  Section4cNestedTemplateVersion:
+    Type: String
+    Description: "Provide the version for the nested templates. Default is the latest version."
+    AllowedPattern: ".+"
+
+  Section5aAppInstallLocation:
+    Type: String
+    Description: "Personal Folder - Installs App in user's Personal folder.
+                  Admin Recommended Folder - Installs App in admin Recommended Folder"
+    Default: 'Personal Folder'
+    AllowedValues:
+      - 'Personal Folder'
+      - 'Admin Recommended Folder'
+  Section5bShare:
+    Type: String
+    Description: "True - Installed App will be visible to all members of the organisation.
+                  False - Installed App will be visible to you only."
+    Default: 'True'
+    AllowedValues:
+      - 'True'
+      - 'False'
+
+Conditions:
+  install_app: !Equals [!Ref Section2aInstallApp, 'Yes']
+
+  create_fer: !Not [!Equals [!Ref Section3aCloudTrailLogsSourceName, '']]
+
+  source_updated: !Equals [!Ref Section3bCloudTrailSourceUpdated, 'Yes']
+
+Resources:
+
+  sumoApp:
+    Type: Custom::App
+    Condition: install_app
+    Properties:
+      ServiceToken: !Ref Section4aParentStackLambdaARN
+      Region: !Ref "AWS::Region"
+      AppName: "AWS Observability SNS App"
+      RemoveOnDeleteStack: !Ref Section1dRemoveSumoResourcesOnDeleteStack
+      FolderName: !Sub "AWS Observability ${Section4cNestedTemplateVersion} "
+      RetainOldAppOnUpdate: true
+      SumoAccessID: !Ref Section1bSumoAccessID
+      SumoAccessKey: !Ref Section1cSumoAccessKey
+      SumoDeployment: !Ref Section1aSumoDeployment
+      AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/Sns-App.json"
+      location: !Ref Section5aAppInstallLocation
+      share: !Ref Section5bShare
+      orgid: !Ref Section1eOrgId
+
+  FieldExtractionRule:
+    Type: Custom::SumoLogicFieldExtractionRule
+    Condition: create_fer
+    DependsOn: AddTopicNameField
+    Properties:
+      ServiceToken: !Ref Section4aParentStackLambdaARN
+      RemoveOnDeleteStack: false
+      FieldExtractionRuleName: "AwsObservabilitySNSCloudTrailLogsFER"
+      FieldExtractionRuleScope: !Join
+        - ""
+        - - "(_source="
+          - !If [source_updated, !Sub "\"${Section3aCloudTrailLogsSourceName}\"", !Ref Section3aCloudTrailLogsSourceName]
+          - " (\"sns.amazonaws.com\"))"
+      FieldExtractionRuleParseExpression: '| json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop
+                                           | where event_source = "sns.amazonaws.com"
+                                           | json field=userIdentity "accountId", "type", "arn", "userName"  as accountid, type, arn, username nodrop
+                                           | parse field=arn ":assumed-role/*" as user nodrop 
+                                           | parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop
+                                           | json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop 
+                                           | json field=responseElements "topicArn" as res_topic_arn nodrop
+                                           | if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn
+                                           | if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn
+                                           | parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop
+                                           | parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop
+                                           | if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname
+                                           | if (isBlank(accountid), recipient_account_id, accountid) as accountid
+                                           | "aws/sns" as namespace
+                                           | fields region, namespace, topicname, accountid'
+      FieldExtractionRuleParseEnabled: true
+      SumoAccessID: !Ref Section1bSumoAccessID
+      SumoAccessKey: !Ref Section1cSumoAccessKey
+      SumoDeployment: !Ref Section1aSumoDeployment
+
+  AddTopicNameField:
+    Type: Custom::SumoLogicFieldsSchema
+    Properties:
+      ServiceToken: !Ref Section4aParentStackLambdaARN
+      FieldName: "topicname"
+      RemoveOnDeleteStack: false
+      SumoAccessID: !Ref Section1bSumoAccessID
+      SumoAccessKey: !Ref Section1cSumoAccessKey
+      SumoDeployment: !Ref Section1aSumoDeployment
\ No newline at end of file
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml
index 771c862c..f4f72290 100755
--- a/aws-observability/templates/sumologic_observability.master.template.yaml
+++ b/aws-observability/templates/sumologic_observability.master.template.yaml
@@ -700,6 +700,29 @@ Resources:
         Section5bShare: !Ref Section10bShare
         Section1eOrgId: !Ref Section1dSumoLogicOrganizationId
 
+  sumoSNSAppStack:
+    Type: AWS::CloudFormation::Stack
+    DependsOn: sumoEC2MetricsAppStack
+    Properties:
+      TemplateURL: !Sub
+        - "https://${BucketName}.s3.amazonaws.com/aws-observability-versions/${Version}/sns/sns_app.template.yaml"
+        - BucketName: !FindInMap [CommonData, NestedTemplate, BucketName]
+          Version: !FindInMap [CommonData, NestedTemplate, Version]
+      Parameters:
+        Section1aSumoDeployment: !Ref Section1aSumoLogicDeployment
+        Section1bSumoAccessID: !Ref Section1bSumoLogicAccessID
+        Section1cSumoAccessKey: !Ref Section1cSumoLogicAccessKey
+        Section1dRemoveSumoResourcesOnDeleteStack: !Ref Section1eSumoLogicResourceRemoveOnDeleteStack
+        Section2aInstallApp: !If [install_overview_dashboards, !GetAtt CreateCommonResources.Outputs.PaidAccountCheck, "No"]
+        Section3aCloudTrailLogsSourceName: !If [create_cloudtrail_source, "*cloudtrail-logs*", !If [update_cloudtrail_logs_source, !GetAtt sumoLambdaMetricsAppStack.Outputs.ExistingCloudTrailLogSourceName, "" ] ]
+        Section3bCloudTrailSourceUpdated: !If [update_cloudtrail_logs_source, "Yes", "No"]
+        Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN
+        Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName]
+        Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version]
+        Section5aAppInstallLocation: !Ref Section10aAppInstallLocation
+        Section5bShare: !Ref Section10bShare
+        Section1eOrgId: !Ref Section1dSumoLogicOrganizationId
+        
   RootCauseAppStack:
     Type: AWS::CloudFormation::Stack
     DependsOn: sumoLambdaMetricsAppStack

From 1d0c4f238daa0194bc3ee33b920730b989ca6c67 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Wed, 6 Jul 2022 17:35:53 +0530
Subject: [PATCH 61/82] added monitors

---
 .../app-modules/main.tf                       |  2 +-
 .../app-modules/sns/app.tf                    | 96 ++++++-------------
 .../app-modules/variables.tf                  |  8 +-
 3 files changed, 38 insertions(+), 68 deletions(-)

diff --git a/aws-observability-terraform/app-modules/main.tf b/aws-observability-terraform/app-modules/main.tf
index a0fbd962..75f42b9f 100644
--- a/aws-observability-terraform/app-modules/main.tf
+++ b/aws-observability-terraform/app-modules/main.tf
@@ -236,7 +236,7 @@ module "sns_app" {
   json_file_directory_path = var.json_file_directory_path
   app_folder_id            = sumologic_folder.apps_folder.id
   monitor_folder_id        = sumologic_monitor_folder.monitor_folder.id
-  monitors_disabled        = var.apigateway_monitors_disabled
+  monitors_disabled        = var.sns_monitors_disabled
   connection_notifications = var.connection_notifications
   email_notifications      = var.email_notifications
   group_notifications      = var.group_notifications
diff --git a/aws-observability-terraform/app-modules/sns/app.tf b/aws-observability-terraform/app-modules/sns/app.tf
index 53b943d2..278ad243 100644
--- a/aws-observability-terraform/app-modules/sns/app.tf
+++ b/aws-observability-terraform/app-modules/sns/app.tf
@@ -53,18 +53,16 @@ module "sns_module" {
 
 
   # ********************** Monitors ********************** #
-  /***
+  
   managed_monitors = {
-    "AWSAPIGatewayHigh5XXErrors" = {
-      monitor_name         = "AWS API Gateway - High 5XX Errors"
-      monitor_description  = "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes."
+    "AWSSNSFailedNotifications" = {
+      monitor_name         = "AWS SNS - Failed Notifications"
+      monitor_description  = "This alert fires where there are many failed notifications (>=5) within an interval of 5 minutes."
       monitor_monitor_type = "Metrics"
       monitor_parent_id    = var.monitor_folder_id
       monitor_is_disabled  = var.monitors_disabled
       queries = {
-        A = "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
-        B = "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
-        C = "#A * 100 / #B along account, region, namespace"
+        A = "account=* region=* namespace=aws/sns TopicName=* metric=NumberOfNotificationsFailed Statistic=Sum \n| sum by account, region, TopicName"
       }
       triggers = [
         {
@@ -90,16 +88,14 @@ module "sns_module" {
       connection_notifications = var.connection_notifications
       email_notifications      = var.email_notifications
     },
-    "AWSAPIGatewayHigh4XXErrors" = {
-      monitor_name         = "AWS API Gateway - High 4XX Errors"
-      monitor_description  = "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes."
-      monitor_monitor_type = "Metrics"
+    "AWSSNSFailedEvents" = {
+      monitor_name         = "AWS SNS - Failed Events"
+      monitor_description  = "This alert fires when an SNS app has high number of failed events (>5) within last 5 minutes"
+      monitor_monitor_type = "Logs"
       monitor_parent_id    = var.monitor_folder_id
       monitor_is_disabled  = var.monitors_disabled
       queries = {
-        A = "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
-        B = "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
-        C = "#A * 100 / #B along apiname, account, region, namespace"
+        A = "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode \n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop \n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop \n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop \n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn \n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn \n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop \n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop \n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname \n| if (isBlank(accountid), recipient_account_id, accountid) as accountid \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status \n| if (isEmpty(username), user, username) as user \n| count as event_count by event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent"
       }
       triggers = [
         {
@@ -108,8 +104,8 @@ module "sns_module" {
           trigger_type     = "Critical",
           threshold        = 5,
           threshold_type   = "GreaterThanOrEqual",
-          occurrence_type  = "Always",
-          trigger_source   = "AnyTimeSeries"
+          occurrence_type  = "ResultCount",
+          trigger_source   = "AllResults"
         },
         {
           detection_method = "StaticCondition",
@@ -117,74 +113,42 @@ module "sns_module" {
           trigger_type     = "ResolvedCritical",
           threshold        = 5,
           threshold_type   = "LessThan",
-          occurrence_type  = "Always",
-          trigger_source   = "AnyTimeSeries"
-        }
-      ]
-      group_notifications      = var.group_notifications
-      connection_notifications = var.connection_notifications
-      email_notifications      = var.email_notifications
-    },
-    "AWSAPIGatewayHighIntegrationLatency" = {
-      monitor_name         = "AWS API Gateway - High Integration Latency"
-      monitor_description  = "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes."
-      monitor_monitor_type = "Metrics"
-      monitor_parent_id    = var.monitor_folder_id
-      monitor_is_disabled  = var.monitors_disabled
-      queries = {
-        A = "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
-      }
-      triggers = [
-        {
-          detection_method = "StaticCondition",
-          time_range       = "-5m",
-          trigger_type     = "Critical",
-          threshold        = 1000,
-          threshold_type   = "GreaterThanOrEqual",
-          occurrence_type  = "Always",
-          trigger_source   = "AnyTimeSeries"
-        },
-        {
-          detection_method = "StaticCondition",
-          time_range       = "-5m",
-          trigger_type     = "ResolvedCritical",
-          threshold        = 1000,
-          threshold_type   = "LessThan",
-          occurrence_type  = "Always",
-          trigger_source   = "AnyTimeSeries"
+          occurrence_type  = "ResultCount",
+          trigger_source   = "AllResults"
         }
       ]
       group_notifications      = var.group_notifications
       connection_notifications = var.connection_notifications
       email_notifications      = var.email_notifications
     },
-    "AWSAPIGatewayHighLatency" = {
-      monitor_name         = "AWS API Gateway - High Latency"
-      monitor_description  = "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes."
-      monitor_monitor_type = "Metrics"
+    "AWSSNSAccessfromHighlyMaliciousSources" = {
+      monitor_name         = "AWS SNS - Access from Highly Malicious Sources"
+      monitor_description  = "This alert fires when an Application AWS - SNS is accessed from highly malicious IP addresses within last 5 minutes"
+      monitor_monitor_type = "Logs"
       monitor_parent_id    = var.monitor_folder_id
       monitor_is_disabled  = var.monitors_disabled
-      queries = {
-        A = "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+      queries = {   
+        A = "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress \n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop \n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, user_type, arn, username nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop \n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop \n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn \n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn \n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop \n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop \n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname \n| if (isBlank(accountid), recipient_account_id, accountid) as accountid \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status \n| if (isEmpty(username), user_type, username) as user_type \n| count as ip_count by src_ip, event_name, region, accountid,user_type \n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| where type=\"ip_address\" and malicious_confidence = \"high\" \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name \n| replace(label_name, \"\\\"\",\" \") as label_name \n| if (isEmpty(actor), \"Unassigned\", actor) as actor \n| sum(ip_count) as threat_count by src_ip, event_name, region, accountid, malicious_confidence, actor, label_name"
+
       }
       triggers = [
         {
           detection_method = "StaticCondition",
           time_range       = "-5m",
           trigger_type     = "Critical",
-          threshold        = 1000,
-          threshold_type   = "GreaterThanOrEqual",
-          occurrence_type  = "Always",
-          trigger_source   = "AnyTimeSeries"
+          threshold        = 0,
+          threshold_type   = "GreaterThan",
+          occurrence_type  = "ResultCount",
+          trigger_source   = "AllResults"
         },
         {
           detection_method = "StaticCondition",
           time_range       = "-5m",
           trigger_type     = "ResolvedCritical",
-          threshold        = 1000,
-          threshold_type   = "LessThan",
-          occurrence_type  = "Always",
-          trigger_source   = "AnyTimeSeries"
+          threshold        = 0,
+          threshold_type   = "LessThanOrEqual",
+          occurrence_type  = "ResultCount",
+          trigger_source   = "AllResults"
         }
       ]
       group_notifications      = var.group_notifications
@@ -192,5 +156,5 @@ module "sns_module" {
       email_notifications      = var.email_notifications
     }
   }
-  ***/
+  
 }
\ No newline at end of file
diff --git a/aws-observability-terraform/app-modules/variables.tf b/aws-observability-terraform/app-modules/variables.tf
index 202bab5e..d63ccb20 100644
--- a/aws-observability-terraform/app-modules/variables.tf
+++ b/aws-observability-terraform/app-modules/variables.tf
@@ -49,7 +49,7 @@ variable "apps_folder_name" {
             Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
             Default value will be: AWS Observability Apps
         EOT
-  default     = "AWS Observability Apps"
+  default     = "AWS Observability Apps- Somya Testing Monitors SNS"
 }
 
 variable "parent_folder_id" {
@@ -119,6 +119,12 @@ variable "apigateway_monitors_disabled" {
   default     = true
 }
 
+variable "sns_monitors_disabled" {
+  type        = bool
+  description = "Indicates if the SNS App monitors should be enabled. true to disable; false to enable."
+  default     = true
+}
+
 variable "dynamodb_monitors_disabled" {
   type        = bool
   description = "Indicates if DynamoDB Apps monitors should be enabled. true to disable; false to enable."

From 6fbb46f9b3c4d0cda75f51f59b29093423f83485 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Wed, 6 Jul 2022 17:39:13 +0530
Subject: [PATCH 62/82] corrected folder name

---
 aws-observability-terraform/app-modules/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability-terraform/app-modules/variables.tf b/aws-observability-terraform/app-modules/variables.tf
index d63ccb20..b8dfc795 100644
--- a/aws-observability-terraform/app-modules/variables.tf
+++ b/aws-observability-terraform/app-modules/variables.tf
@@ -49,7 +49,7 @@ variable "apps_folder_name" {
             Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
             Default value will be: AWS Observability Apps
         EOT
-  default     = "AWS Observability Apps- Somya Testing Monitors SNS"
+  default     = "AWS Observability Apps"
 }
 
 variable "parent_folder_id" {

From 62aa5719a87f9f41c7e6d3a94e3625ba6e3de383 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Thu, 7 Jul 2022 13:38:00 +0530
Subject: [PATCH 63/82] Updating test terraform files

---
 .../examples/appmodule/field.tf               | 235 ++++++++++++++++++
 .../examples/appmodule/fields.sh              |  39 ++-
 .../sourcemodule/overrideSources/field.tf     | 235 ++++++++++++++++++
 .../sourcemodule/overrideSources/fields.sh    |  39 ++-
 .../examples/sourcemodule/testSource/field.tf | 235 ++++++++++++++++++
 .../sourcemodule/testSource/fields.sh         |  39 ++-
 6 files changed, 789 insertions(+), 33 deletions(-)

diff --git a/aws-observability-terraform/examples/appmodule/field.tf b/aws-observability-terraform/examples/appmodule/field.tf
index 1b7dc985..11b5838f 100644
--- a/aws-observability-terraform/examples/appmodule/field.tf
+++ b/aws-observability-terraform/examples/appmodule/field.tf
@@ -1,3 +1,8 @@
+# Wait resource
+resource "time_sleep" "wait_for_10_seconds" {
+  create_duration = "10s"
+}
+
 # common fields
 resource "sumologic_field" "account" {
     data_type  = "String"
@@ -94,4 +99,234 @@ resource "sumologic_field" "dbidentifier" {
     data_type  = "String"
     field_name = "dbidentifier"
     state      = "Enabled"
+}
+resource "sumologic_field" "dbclusteridentifier" {
+    data_type  = "String"
+    field_name = "dbclusteridentifier"
+    state      = "Enabled"
+}
+resource "sumologic_field" "dbinstanceidentifier" {
+    data_type  = "String"
+    field_name = "dbinstanceidentifier"
+    state      = "Enabled"
+}
+
+# Used in SNS
+resource "sumologic_field" "topicname" {
+    data_type  = "String"
+    field_name = "topicname"
+    state      = "Enabled"
+}
+
+# ALB access log FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityAlbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityAlbAccessLogsFER"
+      scope = "account=* region=* (http or https or h2 or grpcs or ws or wss)"
+      parse_expression = <<EOT
+              | parse "* * * * * * * * * * * * \"*\" \"*\" * * * \"*\"" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId
+              | where Type in ("http", "https", "h2", "grpcs", "ws", "wss")
+              | where !isBlank(loadbalancer)
+              | "aws/applicationelb" as namespace
+              | tolowercase(loadbalancer) as loadbalancer | fields loadbalancer, namespace
+      EOT
+      enabled = true
+}
+
+# API Gateway CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityApiGatewayCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityApiGatewayCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"apigateway.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "responseElements", "recipientAccountId" as eventSource, region, responseElements, accountid nodrop
+              | where eventSource = "apigateway.amazonaws.com"
+              | "aws/apigateway" as namespace
+              | json field=responseElements "name" as ApiName nodrop
+              | tolowercase(ApiName) as apiname
+              | fields region, namespace, apiname, accountid
+      EOT
+      enabled = true
+}
+
+# DynamoDB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityDynamoDBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityDynamoDBCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"dynamodb.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.tableName", "recipientAccountId" as eventSource, region, tablename, accountid nodrop
+              | where eventSource = "dynamodb.amazonaws.com"
+              | "aws/dynamodb" as namespace
+              | tolowercase(tablename) as tablename
+              | fields region, namespace, tablename, accountid
+      EOT
+      enabled = true
+}
+
+# EC2 CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityEC2CloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityEC2CloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ec2.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "ec2.amazonaws.com"
+              | "aws/ec2" as namespace
+              | json field=requestParameters "instanceType", "instancesSet", "instanceId", "DescribeInstanceCreditSpecificationsRequest.InstanceId.content" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop
+              | json field=req_instancesSet "item", "items" as req_instancesSet_item, req_instancesSet_items nodrop
+              | parse regex field=req_instancesSet_item "\"instanceId\":\s*\"(?<req_instanceid_3>.*?)\"" nodrop
+              | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?<req_instanceid_4>.*?)\"" nodrop
+              | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop
+              | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?<res_instanceType>.*?)\"" nodrop
+              | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?<res_instanceid>.*?)\"" nodrop
+              | if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as req_instanceid
+              | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid
+              | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType 
+              | tolowercase(instanceid) as instanceid
+              | fields region, namespace, accountid, instanceid
+      EOT
+      enabled = true
+}
+
+# ECS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityECSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityECSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ecs.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | json field=requestParameters "cluster" as clustername nodrop
+              | where eventSource = "ecs.amazonaws.com"
+              | "aws/ecs" as namespace
+              | tolowercase(clustername) as clustername
+              | fields region, namespace, clustername, accountid
+      EOT
+      enabled = true
+}
+
+# ElasticCache CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElastiCacheCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElastiCacheCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"elasticache.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
+              | where eventSource = "elasticache.amazonaws.com"
+              | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
+              | "aws/elasticache" as namespace
+              | tolowercase(cacheclusterid) as cacheclusterid
+              | fields region, namespace, cacheclusterid, accountid
+      EOT
+      enabled = true
+}
+
+# CLB Access Logs FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElbAccessLogsFER"
+      scope = "account=* region=*"
+      parse_expression = <<EOT
+        | parse "* * * * * * * * * * * \"*\" \"*\" * *" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol
+        | parse regex field=datetime "(?<datetimevalue>\d{0,4}-\d{0,2}-\d{0,2}T\d{0,2}:\d{0,2}:\d{0,2}\.\d+Z)" 
+        | where !isBlank(loadbalancername) and !isBlank(datetimevalue)
+        | "aws/elb" as namespace
+        | tolowercase(loadbalancername) as loadbalancername | fields loadbalancername, namespace
+      EOT
+      enabled = true
+}
+
+# Lambda CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityFieldExtractionRule" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityFieldExtractionRule"
+      scope = "account=* eventname eventsource \"lambda.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | where eventSource = "lambda.amazonaws.com"
+              | json field=requestParameters "functionName", "resource" as functionname, resource nodrop
+              | parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
+              | parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
+              | if (isEmpty(functionname), functionname2, functionname) as functionname
+              | "aws/lambda" as namespace
+              | tolowercase(functionname) as functionname
+              | fields region, namespace, functionname, accountid
+      EOT
+      enabled = true
+}
+
+# Lambda CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityLambdaCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityLambdaCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/lambda/*"
+      parse_expression = <<EOT
+              | parse field=_sourceHost "/aws/lambda/*" as functionname
+              | tolowercase(functionname) as functionname
+              | "aws/lambda" as namespace
+              | fields functionname, namespace
+      EOT
+      enabled = true
+}
+
+# Generic CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityGenericCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityGenericCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/*"
+      parse_expression = <<EOT
+              | "unknown" as namespace
+              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
+              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
+              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
+              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
+              | fields namespace
+      EOT
+      enabled = true
+}
+
+# RDS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityRdsCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityRdsCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"rds.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "rds.amazonaws.com"
+              | "aws/rds" as namespace
+              | json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop
+              | json field=responseElements "dBInstanceIdentifier" as dBInstanceIdentifier3 nodrop | json field=responseElements "dBClusterIdentifier" as dBClusterIdentifier3 nodrop
+              | parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName "arn:aws:rds:*:cluster:*" as f1, dBClusterIdentifier2 nodrop
+              | if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier
+              | if (resourceName matches "arn:aws:rds:*:cluster:*", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier
+              | if (isEmpty(dBInstanceIdentifier), dBClusterIdentifier, dBInstanceIdentifier) as dbidentifier
+              | tolowercase(dbidentifier) as dbidentifier
+              | fields region, namespace, dBInstanceIdentifier, dBClusterIdentifier, dbidentifier, accountid
+      EOT
+      enabled = true
+}
+
+# SNS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilitySNSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilitySNSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"sns.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop
+              | where event_source = "sns.amazonaws.com"
+              | json field=userIdentity "accountId", "type", "arn", "userName"  as accountid, type, arn, username nodrop
+              | parse field=arn ":assumed-role/*" as user nodrop 
+              | parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop
+              | json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop 
+              | json field=responseElements "topicArn" as res_topic_arn nodrop
+              | if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn
+              | if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn
+              | parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop
+              | parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop
+              | if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname
+              | if (isBlank(accountid), recipient_account_id, accountid) as accountid
+              | "aws/sns" as namespace
+              | fields region, namespace, topicname, accountid
+      EOT
+      enabled = true
 }
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/appmodule/fields.sh b/aws-observability-terraform/examples/appmodule/fields.sh
index 5d4d83eb..0b908284 100644
--- a/aws-observability-terraform/examples/appmodule/fields.sh
+++ b/aws-observability-terraform/examples/appmodule/fields.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 
 # ----------------------------------------------------------------------------------------------------------------------------------------------------------
-# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# This script imports the existing fields and FERs (required by aws observability solution) if field(s) and FER(s) are already present in the user's Sumo Logic account.
 # For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 # Before using this script, set following environment variables using below commands:
 # export SUMOLOGIC_ENV=""
@@ -23,7 +23,9 @@ else
 fi
 
 # awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
-declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+declare -ra awso_list=(account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname)
+# awso_fer_list contains FERs required for AWS Obervablity Solution. Update the list if new FER is added to the solution.
+declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER)
 
 function get_remaining_fields() {
     local RESPONSE
@@ -66,7 +68,7 @@ function should_create_fields() {
 
 should_create_fields
 outputVal=$?
-# Sumo Logic fields in field schema - Decide to import
+# Sumo Logic fields in field schema, FERs in FER schema - Decide to import
 if [ $outputVal == 0 ] ; then
     # Get list of all fields present in field schema of user's Sumo Logic org.
     readonly FIELDS_RESPONSE="$(curl -XGET -s \
@@ -83,19 +85,34 @@ if [ $outputVal == 0 ] ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
+    # Get list of all FER present in FER schema of user's Sumo Logic org.
+    readonly FER_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/extractionRules | jq '.data[] | del(.parseExpression)' )"
+
+    for FER in "${awso_fer_list[@]}" ; do
+        FER_ID=$( echo "${FER_RESPONSE}" | jq -r "select(.name == \"${FER}\") | .id" )
+        if [[ -z "${FER_ID}" ]]; then
+            # If FER is not present in Sumo org, skip importing
+            continue
+        fi
+        # FER exist in Sumo org, hence import
+        terraform import \
+            sumologic_field_extraction_rule."${FER}" "${FER_ID}"           
+    done
 elif [ $outputVal == 1 ] ; then
-    echo "Couldn't automatically create fields"
-    echo "You do not have enough field capacity to create the required fields automatically."
-    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+    echo "Couldn't automatically create fields and FERS"
+    echo "You do not have enough field capacity to create the required fields and FERS automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields and FERs to free up capacity."
 elif [ $outputVal == 2 ] ; then
-    echo "Error in calling Sumo Logic Fields API."
+    echo "Error in calling Sumo Logic Fields or FER API."
     echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
 elif [ $outputVal == 3 ] ; then
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 else
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 fi
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf
index 1b7dc985..11b5838f 100644
--- a/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/field.tf
@@ -1,3 +1,8 @@
+# Wait resource
+resource "time_sleep" "wait_for_10_seconds" {
+  create_duration = "10s"
+}
+
 # common fields
 resource "sumologic_field" "account" {
     data_type  = "String"
@@ -94,4 +99,234 @@ resource "sumologic_field" "dbidentifier" {
     data_type  = "String"
     field_name = "dbidentifier"
     state      = "Enabled"
+}
+resource "sumologic_field" "dbclusteridentifier" {
+    data_type  = "String"
+    field_name = "dbclusteridentifier"
+    state      = "Enabled"
+}
+resource "sumologic_field" "dbinstanceidentifier" {
+    data_type  = "String"
+    field_name = "dbinstanceidentifier"
+    state      = "Enabled"
+}
+
+# Used in SNS
+resource "sumologic_field" "topicname" {
+    data_type  = "String"
+    field_name = "topicname"
+    state      = "Enabled"
+}
+
+# ALB access log FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityAlbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityAlbAccessLogsFER"
+      scope = "account=* region=* (http or https or h2 or grpcs or ws or wss)"
+      parse_expression = <<EOT
+              | parse "* * * * * * * * * * * * \"*\" \"*\" * * * \"*\"" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId
+              | where Type in ("http", "https", "h2", "grpcs", "ws", "wss")
+              | where !isBlank(loadbalancer)
+              | "aws/applicationelb" as namespace
+              | tolowercase(loadbalancer) as loadbalancer | fields loadbalancer, namespace
+      EOT
+      enabled = true
+}
+
+# API Gateway CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityApiGatewayCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityApiGatewayCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"apigateway.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "responseElements", "recipientAccountId" as eventSource, region, responseElements, accountid nodrop
+              | where eventSource = "apigateway.amazonaws.com"
+              | "aws/apigateway" as namespace
+              | json field=responseElements "name" as ApiName nodrop
+              | tolowercase(ApiName) as apiname
+              | fields region, namespace, apiname, accountid
+      EOT
+      enabled = true
+}
+
+# DynamoDB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityDynamoDBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityDynamoDBCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"dynamodb.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.tableName", "recipientAccountId" as eventSource, region, tablename, accountid nodrop
+              | where eventSource = "dynamodb.amazonaws.com"
+              | "aws/dynamodb" as namespace
+              | tolowercase(tablename) as tablename
+              | fields region, namespace, tablename, accountid
+      EOT
+      enabled = true
+}
+
+# EC2 CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityEC2CloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityEC2CloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ec2.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "ec2.amazonaws.com"
+              | "aws/ec2" as namespace
+              | json field=requestParameters "instanceType", "instancesSet", "instanceId", "DescribeInstanceCreditSpecificationsRequest.InstanceId.content" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop
+              | json field=req_instancesSet "item", "items" as req_instancesSet_item, req_instancesSet_items nodrop
+              | parse regex field=req_instancesSet_item "\"instanceId\":\s*\"(?<req_instanceid_3>.*?)\"" nodrop
+              | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?<req_instanceid_4>.*?)\"" nodrop
+              | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop
+              | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?<res_instanceType>.*?)\"" nodrop
+              | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?<res_instanceid>.*?)\"" nodrop
+              | if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as req_instanceid
+              | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid
+              | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType 
+              | tolowercase(instanceid) as instanceid
+              | fields region, namespace, accountid, instanceid
+      EOT
+      enabled = true
+}
+
+# ECS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityECSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityECSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ecs.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | json field=requestParameters "cluster" as clustername nodrop
+              | where eventSource = "ecs.amazonaws.com"
+              | "aws/ecs" as namespace
+              | tolowercase(clustername) as clustername
+              | fields region, namespace, clustername, accountid
+      EOT
+      enabled = true
+}
+
+# ElasticCache CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElastiCacheCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElastiCacheCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"elasticache.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
+              | where eventSource = "elasticache.amazonaws.com"
+              | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
+              | "aws/elasticache" as namespace
+              | tolowercase(cacheclusterid) as cacheclusterid
+              | fields region, namespace, cacheclusterid, accountid
+      EOT
+      enabled = true
+}
+
+# CLB Access Logs FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElbAccessLogsFER"
+      scope = "account=* region=*"
+      parse_expression = <<EOT
+        | parse "* * * * * * * * * * * \"*\" \"*\" * *" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol
+        | parse regex field=datetime "(?<datetimevalue>\d{0,4}-\d{0,2}-\d{0,2}T\d{0,2}:\d{0,2}:\d{0,2}\.\d+Z)" 
+        | where !isBlank(loadbalancername) and !isBlank(datetimevalue)
+        | "aws/elb" as namespace
+        | tolowercase(loadbalancername) as loadbalancername | fields loadbalancername, namespace
+      EOT
+      enabled = true
+}
+
+# Lambda CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityFieldExtractionRule" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityFieldExtractionRule"
+      scope = "account=* eventname eventsource \"lambda.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | where eventSource = "lambda.amazonaws.com"
+              | json field=requestParameters "functionName", "resource" as functionname, resource nodrop
+              | parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
+              | parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
+              | if (isEmpty(functionname), functionname2, functionname) as functionname
+              | "aws/lambda" as namespace
+              | tolowercase(functionname) as functionname
+              | fields region, namespace, functionname, accountid
+      EOT
+      enabled = true
+}
+
+# Lambda CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityLambdaCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityLambdaCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/lambda/*"
+      parse_expression = <<EOT
+              | parse field=_sourceHost "/aws/lambda/*" as functionname
+              | tolowercase(functionname) as functionname
+              | "aws/lambda" as namespace
+              | fields functionname, namespace
+      EOT
+      enabled = true
+}
+
+# Generic CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityGenericCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityGenericCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/*"
+      parse_expression = <<EOT
+              | "unknown" as namespace
+              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
+              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
+              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
+              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
+              | fields namespace
+      EOT
+      enabled = true
+}
+
+# RDS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityRdsCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityRdsCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"rds.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "rds.amazonaws.com"
+              | "aws/rds" as namespace
+              | json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop
+              | json field=responseElements "dBInstanceIdentifier" as dBInstanceIdentifier3 nodrop | json field=responseElements "dBClusterIdentifier" as dBClusterIdentifier3 nodrop
+              | parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName "arn:aws:rds:*:cluster:*" as f1, dBClusterIdentifier2 nodrop
+              | if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier
+              | if (resourceName matches "arn:aws:rds:*:cluster:*", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier
+              | if (isEmpty(dBInstanceIdentifier), dBClusterIdentifier, dBInstanceIdentifier) as dbidentifier
+              | tolowercase(dbidentifier) as dbidentifier
+              | fields region, namespace, dBInstanceIdentifier, dBClusterIdentifier, dbidentifier, accountid
+      EOT
+      enabled = true
+}
+
+# SNS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilitySNSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilitySNSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"sns.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop
+              | where event_source = "sns.amazonaws.com"
+              | json field=userIdentity "accountId", "type", "arn", "userName"  as accountid, type, arn, username nodrop
+              | parse field=arn ":assumed-role/*" as user nodrop 
+              | parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop
+              | json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop 
+              | json field=responseElements "topicArn" as res_topic_arn nodrop
+              | if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn
+              | if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn
+              | parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop
+              | parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop
+              | if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname
+              | if (isBlank(accountid), recipient_account_id, accountid) as accountid
+              | "aws/sns" as namespace
+              | fields region, namespace, topicname, accountid
+      EOT
+      enabled = true
 }
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh b/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh
index 5d4d83eb..0b908284 100644
--- a/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/fields.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 
 # ----------------------------------------------------------------------------------------------------------------------------------------------------------
-# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# This script imports the existing fields and FERs (required by aws observability solution) if field(s) and FER(s) are already present in the user's Sumo Logic account.
 # For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 # Before using this script, set following environment variables using below commands:
 # export SUMOLOGIC_ENV=""
@@ -23,7 +23,9 @@ else
 fi
 
 # awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
-declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+declare -ra awso_list=(account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname)
+# awso_fer_list contains FERs required for AWS Obervablity Solution. Update the list if new FER is added to the solution.
+declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER)
 
 function get_remaining_fields() {
     local RESPONSE
@@ -66,7 +68,7 @@ function should_create_fields() {
 
 should_create_fields
 outputVal=$?
-# Sumo Logic fields in field schema - Decide to import
+# Sumo Logic fields in field schema, FERs in FER schema - Decide to import
 if [ $outputVal == 0 ] ; then
     # Get list of all fields present in field schema of user's Sumo Logic org.
     readonly FIELDS_RESPONSE="$(curl -XGET -s \
@@ -83,19 +85,34 @@ if [ $outputVal == 0 ] ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
+    # Get list of all FER present in FER schema of user's Sumo Logic org.
+    readonly FER_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/extractionRules | jq '.data[] | del(.parseExpression)' )"
+
+    for FER in "${awso_fer_list[@]}" ; do
+        FER_ID=$( echo "${FER_RESPONSE}" | jq -r "select(.name == \"${FER}\") | .id" )
+        if [[ -z "${FER_ID}" ]]; then
+            # If FER is not present in Sumo org, skip importing
+            continue
+        fi
+        # FER exist in Sumo org, hence import
+        terraform import \
+            sumologic_field_extraction_rule."${FER}" "${FER_ID}"           
+    done
 elif [ $outputVal == 1 ] ; then
-    echo "Couldn't automatically create fields"
-    echo "You do not have enough field capacity to create the required fields automatically."
-    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+    echo "Couldn't automatically create fields and FERS"
+    echo "You do not have enough field capacity to create the required fields and FERS automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields and FERs to free up capacity."
 elif [ $outputVal == 2 ] ; then
-    echo "Error in calling Sumo Logic Fields API."
+    echo "Error in calling Sumo Logic Fields or FER API."
     echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
 elif [ $outputVal == 3 ] ; then
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 else
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 fi
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/field.tf b/aws-observability-terraform/examples/sourcemodule/testSource/field.tf
index 1b7dc985..11b5838f 100644
--- a/aws-observability-terraform/examples/sourcemodule/testSource/field.tf
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/field.tf
@@ -1,3 +1,8 @@
+# Wait resource
+resource "time_sleep" "wait_for_10_seconds" {
+  create_duration = "10s"
+}
+
 # common fields
 resource "sumologic_field" "account" {
     data_type  = "String"
@@ -94,4 +99,234 @@ resource "sumologic_field" "dbidentifier" {
     data_type  = "String"
     field_name = "dbidentifier"
     state      = "Enabled"
+}
+resource "sumologic_field" "dbclusteridentifier" {
+    data_type  = "String"
+    field_name = "dbclusteridentifier"
+    state      = "Enabled"
+}
+resource "sumologic_field" "dbinstanceidentifier" {
+    data_type  = "String"
+    field_name = "dbinstanceidentifier"
+    state      = "Enabled"
+}
+
+# Used in SNS
+resource "sumologic_field" "topicname" {
+    data_type  = "String"
+    field_name = "topicname"
+    state      = "Enabled"
+}
+
+# ALB access log FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityAlbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityAlbAccessLogsFER"
+      scope = "account=* region=* (http or https or h2 or grpcs or ws or wss)"
+      parse_expression = <<EOT
+              | parse "* * * * * * * * * * * * \"*\" \"*\" * * * \"*\"" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId
+              | where Type in ("http", "https", "h2", "grpcs", "ws", "wss")
+              | where !isBlank(loadbalancer)
+              | "aws/applicationelb" as namespace
+              | tolowercase(loadbalancer) as loadbalancer | fields loadbalancer, namespace
+      EOT
+      enabled = true
+}
+
+# API Gateway CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityApiGatewayCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityApiGatewayCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"apigateway.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "responseElements", "recipientAccountId" as eventSource, region, responseElements, accountid nodrop
+              | where eventSource = "apigateway.amazonaws.com"
+              | "aws/apigateway" as namespace
+              | json field=responseElements "name" as ApiName nodrop
+              | tolowercase(ApiName) as apiname
+              | fields region, namespace, apiname, accountid
+      EOT
+      enabled = true
+}
+
+# DynamoDB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityDynamoDBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityDynamoDBCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"dynamodb.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.tableName", "recipientAccountId" as eventSource, region, tablename, accountid nodrop
+              | where eventSource = "dynamodb.amazonaws.com"
+              | "aws/dynamodb" as namespace
+              | tolowercase(tablename) as tablename
+              | fields region, namespace, tablename, accountid
+      EOT
+      enabled = true
+}
+
+# EC2 CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityEC2CloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityEC2CloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ec2.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "ec2.amazonaws.com"
+              | "aws/ec2" as namespace
+              | json field=requestParameters "instanceType", "instancesSet", "instanceId", "DescribeInstanceCreditSpecificationsRequest.InstanceId.content" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop
+              | json field=req_instancesSet "item", "items" as req_instancesSet_item, req_instancesSet_items nodrop
+              | parse regex field=req_instancesSet_item "\"instanceId\":\s*\"(?<req_instanceid_3>.*?)\"" nodrop
+              | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?<req_instanceid_4>.*?)\"" nodrop
+              | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop
+              | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?<res_instanceType>.*?)\"" nodrop
+              | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?<res_instanceid>.*?)\"" nodrop
+              | if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as req_instanceid
+              | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid
+              | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType 
+              | tolowercase(instanceid) as instanceid
+              | fields region, namespace, accountid, instanceid
+      EOT
+      enabled = true
+}
+
+# ECS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityECSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityECSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"ecs.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | json field=requestParameters "cluster" as clustername nodrop
+              | where eventSource = "ecs.amazonaws.com"
+              | "aws/ecs" as namespace
+              | tolowercase(clustername) as clustername
+              | fields region, namespace, clustername, accountid
+      EOT
+      enabled = true
+}
+
+# ElasticCache CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElastiCacheCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElastiCacheCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"elasticache.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
+              | where eventSource = "elasticache.amazonaws.com"
+              | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
+              | "aws/elasticache" as namespace
+              | tolowercase(cacheclusterid) as cacheclusterid
+              | fields region, namespace, cacheclusterid, accountid
+      EOT
+      enabled = true
+}
+
+# CLB Access Logs FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityElbAccessLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityElbAccessLogsFER"
+      scope = "account=* region=*"
+      parse_expression = <<EOT
+        | parse "* * * * * * * * * * * \"*\" \"*\" * *" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol
+        | parse regex field=datetime "(?<datetimevalue>\d{0,4}-\d{0,2}-\d{0,2}T\d{0,2}:\d{0,2}:\d{0,2}\.\d+Z)" 
+        | where !isBlank(loadbalancername) and !isBlank(datetimevalue)
+        | "aws/elb" as namespace
+        | tolowercase(loadbalancername) as loadbalancername | fields loadbalancername, namespace
+      EOT
+      enabled = true
+}
+
+# Lambda CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityFieldExtractionRule" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityFieldExtractionRule"
+      scope = "account=* eventname eventsource \"lambda.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
+              | where eventSource = "lambda.amazonaws.com"
+              | json field=requestParameters "functionName", "resource" as functionname, resource nodrop
+              | parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
+              | parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
+              | if (isEmpty(functionname), functionname2, functionname) as functionname
+              | "aws/lambda" as namespace
+              | tolowercase(functionname) as functionname
+              | fields region, namespace, functionname, accountid
+      EOT
+      enabled = true
+}
+
+# Lambda CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityLambdaCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityLambdaCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/lambda/*"
+      parse_expression = <<EOT
+              | parse field=_sourceHost "/aws/lambda/*" as functionname
+              | tolowercase(functionname) as functionname
+              | "aws/lambda" as namespace
+              | fields functionname, namespace
+      EOT
+      enabled = true
+}
+
+# Generic CloudWatch FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityGenericCloudWatchLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityGenericCloudWatchLogsFER"
+      scope = "account=* region=* _sourceHost=/aws/*"
+      parse_expression = <<EOT
+              | "unknown" as namespace
+              | if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace
+              | if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace
+              | if (_sourceHost matches "/aws/ecs/containerinsights/*", "ecs/containerinsights", namespace) as namespace
+              | if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace
+              | fields namespace
+      EOT
+      enabled = true
+}
+
+# RDS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityRdsCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityRdsCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"rds.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop
+              | where eventSource = "rds.amazonaws.com"
+              | "aws/rds" as namespace
+              | json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1 nodrop
+              | json field=responseElements "dBInstanceIdentifier" as dBInstanceIdentifier3 nodrop | json field=responseElements "dBClusterIdentifier" as dBClusterIdentifier3 nodrop
+              | parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop | parse field=resourceName "arn:aws:rds:*:cluster:*" as f1, dBClusterIdentifier2 nodrop
+              | if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier
+              | if (resourceName matches "arn:aws:rds:*:cluster:*", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier
+              | if (isEmpty(dBInstanceIdentifier), dBClusterIdentifier, dBInstanceIdentifier) as dbidentifier
+              | tolowercase(dbidentifier) as dbidentifier
+              | fields region, namespace, dBInstanceIdentifier, dBClusterIdentifier, dbidentifier, accountid
+      EOT
+      enabled = true
+}
+
+# SNS CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilitySNSCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilitySNSCloudTrailLogsFER"
+      scope = "account=* eventname eventsource \"sns.amazonaws.com\""
+      parse_expression = <<EOT
+              | json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop
+              | where event_source = "sns.amazonaws.com"
+              | json field=userIdentity "accountId", "type", "arn", "userName"  as accountid, type, arn, username nodrop
+              | parse field=arn ":assumed-role/*" as user nodrop 
+              | parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop
+              | json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop 
+              | json field=responseElements "topicArn" as res_topic_arn nodrop
+              | if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn
+              | if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn
+              | parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop
+              | parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop
+              | if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname
+              | if (isBlank(accountid), recipient_account_id, accountid) as accountid
+              | "aws/sns" as namespace
+              | fields region, namespace, topicname, accountid
+      EOT
+      enabled = true
 }
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh b/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh
index 5d4d83eb..0b908284 100644
--- a/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/fields.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 
 # ----------------------------------------------------------------------------------------------------------------------------------------------------------
-# This script imports the existing fields (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# This script imports the existing fields and FERs (required by aws observability solution) if field(s) and FER(s) are already present in the user's Sumo Logic account.
 # For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 # Before using this script, set following environment variables using below commands:
 # export SUMOLOGIC_ENV=""
@@ -23,7 +23,9 @@ else
 fi
 
 # awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
-declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername)
+declare -ra awso_list=(account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname)
+# awso_fer_list contains FERs required for AWS Obervablity Solution. Update the list if new FER is added to the solution.
+declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER)
 
 function get_remaining_fields() {
     local RESPONSE
@@ -66,7 +68,7 @@ function should_create_fields() {
 
 should_create_fields
 outputVal=$?
-# Sumo Logic fields in field schema - Decide to import
+# Sumo Logic fields in field schema, FERs in FER schema - Decide to import
 if [ $outputVal == 0 ] ; then
     # Get list of all fields present in field schema of user's Sumo Logic org.
     readonly FIELDS_RESPONSE="$(curl -XGET -s \
@@ -83,19 +85,34 @@ if [ $outputVal == 0 ] ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
+    # Get list of all FER present in FER schema of user's Sumo Logic org.
+    readonly FER_RESPONSE="$(curl -XGET -s \
+        -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
+        "${SUMOLOGIC_BASE_URL}"v1/extractionRules | jq '.data[] | del(.parseExpression)' )"
+
+    for FER in "${awso_fer_list[@]}" ; do
+        FER_ID=$( echo "${FER_RESPONSE}" | jq -r "select(.name == \"${FER}\") | .id" )
+        if [[ -z "${FER_ID}" ]]; then
+            # If FER is not present in Sumo org, skip importing
+            continue
+        fi
+        # FER exist in Sumo org, hence import
+        terraform import \
+            sumologic_field_extraction_rule."${FER}" "${FER_ID}"           
+    done
 elif [ $outputVal == 1 ] ; then
-    echo "Couldn't automatically create fields"
-    echo "You do not have enough field capacity to create the required fields automatically."
-    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields to free up capacity."
+    echo "Couldn't automatically create fields and FERS"
+    echo "You do not have enough field capacity to create the required fields and FERS automatically."
+    echo "Please refer to https://help.sumologic.com/Manage/Fields to manually create the fields after you have removed unused fields and FERs to free up capacity."
 elif [ $outputVal == 2 ] ; then
-    echo "Error in calling Sumo Logic Fields API."
+    echo "Error in calling Sumo Logic Fields or FER API."
     echo "User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not valid."
 elif [ $outputVal == 3 ] ; then
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. Credentials could not be verified. Cross check SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY."
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 else
-    echo "Error in calling Sumo Logic Fields API. The reasons can be:"
+    echo "Error in calling Sumo Logic Fields or FERs API. The reasons can be:"
     echo "1. User's credentials (SUMOLOGIC_ACCESSID and SUMOLOGIC_ACCESSKEY) are not associated with SUMOLOGIC_ENV"
-    echo "2. You do not have the role capabilities to create Sumo Logic fields. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
+    echo "2. You do not have the role capabilities to create Sumo Logic fields or FERs. Please see the Sumo Logic docs on role capabilities https://help.sumologic.com/Manage/Users-and-Roles/Manage-Roles/05-Role-Capabilities"
 fi
\ No newline at end of file

From 40bc1d070f06e8c676f7729e821e8981953b9a36 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Thu, 7 Jul 2022 13:38:32 +0530
Subject: [PATCH 64/82] updating comments in shell script

---
 aws-observability-terraform/fields.sh | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/aws-observability-terraform/fields.sh b/aws-observability-terraform/fields.sh
index 1505e7d6..0b908284 100644
--- a/aws-observability-terraform/fields.sh
+++ b/aws-observability-terraform/fields.sh
@@ -1,7 +1,7 @@
 #! /bin/bash
 
 # ----------------------------------------------------------------------------------------------------------------------------------------------------------
-# This script imports the existing fields and FERs (required by aws observability solution) if field(s) already present in the user's Sumo Logic account.
+# This script imports the existing fields and FERs (required by aws observability solution) if field(s) and FER(s) are already present in the user's Sumo Logic account.
 # For SUMOLOGIC_ENV, provide one from the list : au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security"
 # Before using this script, set following environment variables using below commands:
 # export SUMOLOGIC_ENV=""
@@ -22,9 +22,10 @@ else
     SUMOLOGIC_BASE_URL="https://api.${SUMOLOGIC_ENV}.sumologic.com/api/"
 fi
 
-# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field,FER is added to the solution.
-declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername topicname dbclusteridentifier dbinstanceidentifier)
-declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER)
+# awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution.
+declare -ra awso_list=(account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname)
+# awso_fer_list contains FERs required for AWS Obervablity Solution. Update the list if new FER is added to the solution.
+declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER)
 
 function get_remaining_fields() {
     local RESPONSE
@@ -67,7 +68,7 @@ function should_create_fields() {
 
 should_create_fields
 outputVal=$?
-# Sumo Logic fields in field schema - Decide to import
+# Sumo Logic fields in field schema, FERs in FER schema - Decide to import
 if [ $outputVal == 0 ] ; then
     # Get list of all fields present in field schema of user's Sumo Logic org.
     readonly FIELDS_RESPONSE="$(curl -XGET -s \
@@ -84,7 +85,7 @@ if [ $outputVal == 0 ] ; then
         terraform import \
             sumologic_field."${FIELD}" "${FIELD_ID}"
     done
-    # Get list of all FER present in field schema of user's Sumo Logic org.
+    # Get list of all FER present in FER schema of user's Sumo Logic org.
     readonly FER_RESPONSE="$(curl -XGET -s \
         -u "${SUMOLOGIC_ACCESSID}:${SUMOLOGIC_ACCESSKEY}" \
         "${SUMOLOGIC_BASE_URL}"v1/extractionRules | jq '.data[] | del(.parseExpression)' )"

From fe7e00be8fff2282c7a8274279fb8b478a4de29e Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 7 Jul 2022 17:37:55 +0530
Subject: [PATCH 65/82] Update README.md

---
 aws-observability-terraform/test/README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/aws-observability-terraform/test/README.md b/aws-observability-terraform/test/README.md
index 9d506858..05eb481a 100644
--- a/aws-observability-terraform/test/README.md
+++ b/aws-observability-terraform/test/README.md
@@ -21,6 +21,8 @@
 
 ### Success Criteria
 If all the test cases are passed successfully, then you can expect the below output. 
+<img width="1024" alt="image" src="https://user-images.githubusercontent.com/87634042/177769474-4ba63eac-cea2-4ba0-8256-17a47e3be7a5.png">
+
 
 ### Failure Criteria
 If any of the test cases failed, then you can expect the below output. 
@@ -56,6 +58,8 @@ Currently we have validations for following entities, If apart from them any new
 
 ### Success Criteria
 If all the test cases are passed successfully, then you can expect the below output. 
+<img width="1024" alt="image" src="https://user-images.githubusercontent.com/87634042/177769443-1a194b56-7b9d-4d5b-a3ba-3c44434cef2f.png">
+
 
 ### Failure Criteria
 If any of the test cases failed, then you can expect the below output. 
@@ -83,4 +87,4 @@ Currently we have validations for following entities, If apart from them any new
    - validateLambda
    - validateCFStack
    - validateKFstream
-   - validateCWmetricstream
\ No newline at end of file
+   - validateCWmetricstream

From ae2f2f79c151444dd160b3d530d211470a014a45 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 7 Jul 2022 17:38:45 +0530
Subject: [PATCH 66/82] Updating test/appmodule README

---
 aws-observability-terraform/test/appmodule/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/aws-observability-terraform/test/appmodule/README.md b/aws-observability-terraform/test/appmodule/README.md
index ea4101c0..b5fbcc04 100644
--- a/aws-observability-terraform/test/appmodule/README.md
+++ b/aws-observability-terraform/test/appmodule/README.md
@@ -21,6 +21,8 @@
 
 ### Success Criteria
 If all the test cases are passed successfully, then you can expect the below output. 
+<img width="1024" alt="image" src="https://user-images.githubusercontent.com/87634042/177769539-535a565c-e25c-4d6c-878b-1aeac41256b8.png">
+
 
 ### Failure Criteria
 If any of the test cases failed, then you can expect the below output. 
@@ -38,4 +40,4 @@ Currently we have validations for following entities, If apart from them any new
    - validateSumoLogicField
    - validateSumoLogicMetricRule
    - validateSumoLogicMonitorsFolder
-   - validateSumoLogicHierarchy
\ No newline at end of file
+   - validateSumoLogicHierarchy

From b2e730a51de9af0f9c9023e95ab621e006d895aa Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <87634042+himsharma01@users.noreply.github.com>
Date: Thu, 7 Jul 2022 17:39:28 +0530
Subject: [PATCH 67/82] Updating test/sourcemodule README

---
 aws-observability-terraform/test/sourcemodule/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/aws-observability-terraform/test/sourcemodule/README.md b/aws-observability-terraform/test/sourcemodule/README.md
index fd2ac4ff..8817633c 100644
--- a/aws-observability-terraform/test/sourcemodule/README.md
+++ b/aws-observability-terraform/test/sourcemodule/README.md
@@ -23,6 +23,8 @@
 
 ### Success Criteria
 If all the test cases are passed successfully, then you can expect the below output. 
+<img width="1024" alt="image" src="https://user-images.githubusercontent.com/87634042/177769695-79631f57-ea51-4fd7-b9cc-ab75251c052b.png">
+
 
 ### Failure Criteria
 If any of the test cases failed, then you can expect the below output. 
@@ -50,4 +52,4 @@ Currently we have validations for following entities, If apart from them any new
    - validateLambda
    - validateCFStack
    - validateKFstream
-   - validateCWmetricstream
\ No newline at end of file
+   - validateCWmetricstream

From bf597cdff15f66480e0cc6ae5425f6ed515dc6f8 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Jul 2022 14:44:12 +0530
Subject: [PATCH 68/82] Handling fields, FERs and Apps folder id output

---
 .../examples/appmodule/output.tf              | 65 +++++++++++++++----
 1 file changed, 51 insertions(+), 14 deletions(-)

diff --git a/aws-observability-terraform/examples/appmodule/output.tf b/aws-observability-terraform/examples/appmodule/output.tf
index 6b8f5d91..e8c46725 100644
--- a/aws-observability-terraform/examples/appmodule/output.tf
+++ b/aws-observability-terraform/examples/appmodule/output.tf
@@ -20,7 +20,12 @@ output "dynamodb_apps_folder_id" {
 
 output "ec2metrics_apps_folder_id" {
   value       = module.sumo-module.sumologic_content_ec2metrics.EC2MetricsApp.id
-  description = "This output contains sumologic EC2 metrics apps folder."
+  description = "This output contains sumologic EC2 host metrics apps folder."
+}
+
+output "ec2CWmetrics_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_ec2metrics.EC2CWMetricsApp.id
+  description = "This output contains sumologic EC2 CW metrics apps folder."
 }
 
 output "ecs_apps_folder_id" {
@@ -58,6 +63,11 @@ output "rds_apps_folder_id" {
   description = "This output contains sumologic RDS apps folder."
 }
 
+output "sns_apps_folder_id" {
+  value       = module.sumo-module.sumologic_content_sns.SNSApp.id
+  description = "This output contains sumologic SNS apps folder."
+}
+
 output "monitors_folder_id" {
   value       = module.sumo-module.sumologic_monitors_folder.id
   description = "This output contains sumologic monitors folder."
@@ -70,64 +80,76 @@ output "hierarchy_id" {
 
 # API gateway FER id
 output "sumologic_field_extraction_rule_apigateway" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_apigateway.CloudTrailFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityApiGatewayCloudTrailLogsFER.id
   description = "This output contains sumologic API gateway field extraction rule id."
 }
 
 # ALB FER id
 output "sumologic_field_extraction_rule_alb" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_alb.AlbAccessLogsFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityAlbAccessLogsFER.id
   description = "This output contains sumologic ALB field extraction rule id."
 }
 
 # CLB FER id
 output "sumologic_field_extraction_rule_elb" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_elb.ElbAccessLogsFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityElbAccessLogsFER.id
   description = "This output contains sumologic CLB field extraction rule id."
 }
 
 # DynamoDB FER id
 output "sumologic_field_extraction_rule_dynamodb" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_dynamodb.CloudTrailFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityDynamoDBCloudTrailLogsFER.id
   description = "This output contains sumologic dynamoDB field extraction rule id."
 }
 
 # Elasticache FER id
 output "sumologic_field_extraction_rule_elasticache" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_elasticache.CloudTrailFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityElastiCacheCloudTrailLogsFER.id
   description = "This output contains sumologic Elasticache field extraction rule id."
 }
 
 # ECS FER id
 output "sumologic_field_extraction_rule_ecs" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_ecs.CloudTrailFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityECSCloudTrailLogsFER.id
   description = "This output contains sumologic ECS field extraction rule id."
 }
 
 # EC2 FER id
-# output "sumologic_field_extraction_rule_ec2metrics" {
-#   value       = module.sumo-module.sumologic_field_extraction_rule_ec2metrics.CloudTrailFieldExtractionRule.id
-#   description = "This output contains sumologic EC2 field extraction rule id."
-# }
+output "sumologic_field_extraction_rule_ec2metrics" {
+  value       = sumologic_field_extraction_rule.AwsObservabilityEC2CloudTrailLogsFER.id
+  description = "This output contains sumologic EC2 field extraction rule id."
+}
 
 # Lambda CloudTrail FER id
 output "sumologic_field_extraction_rule_lambda" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_lambda.CloudTrailFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityFieldExtractionRule.id
   description = "This output contains sumologic Lambda cloudtrail field extraction rule id."
 }
 
 # Lambda CloudWatch FER id
 output "sumologic_field_extraction_rule_lambda_cw" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_lambda.CloudWatchFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityLambdaCloudWatchLogsFER.id
   description = "This output contains sumologic Lambda cloudwatch field extraction rule id."
 }
 
 # RDS FER id
 output "sumologic_field_extraction_rule_rds" {
-  value       = module.sumo-module.sumologic_field_extraction_rule_rds.CloudTrailFieldExtractionRule.id
+  value       = sumologic_field_extraction_rule.AwsObservabilityRdsCloudTrailLogsFER.id
   description = "This output contains sumologic RDS field extraction rule id."
 }
 
+# CloudWatch generic FER id
+output "sumologic_field_extraction_rule_cw" {
+  value       = sumologic_field_extraction_rule.AwsObservabilityGenericCloudWatchLogsFER.id
+  description = "This output contains sumologic CloudWatch logs generic field extraction rule id."
+}
+
+# SNS FER id
+output "sumologic_field_extraction_rule_sns" {
+  value       = sumologic_field_extraction_rule.AwsObservabilitySNSCloudTrailLogsFER.id
+  description = "This output contains sumologic SNS field extraction rule id."
+}
+
 # NLB Metric rule
 output "sumologic_metric_rule_nlb" {
   value       = module.sumo-module.sumologic_metric_rules_nlb.NLBMetricRule.triggers.name
@@ -214,4 +236,19 @@ output "sumologic_field_networkloadbalancer" {
 output "sumologic_field_dbidentifier" {
   value       = sumologic_field.dbidentifier.id
   description = "This output contains sumologic dbidentifier field id."
+}
+
+output "sumologic_field_topicname" {
+  value       = sumologic_field.topicname.id
+  description = "This output contains sumologic topicname field id."
+}
+
+output "sumologic_field_dbclusteridentifier" {
+  value       = sumologic_field.dbclusteridentifier.id
+  description = "This output contains sumologic dbclusteridentifier field id."
+}
+
+output "sumologic_field_dbinstanceidentifier" {
+  value       = sumologic_field.dbinstanceidentifier.id
+  description = "This output contains sumologic dbinstanceidentifier field id."
 }
\ No newline at end of file

From 99ee8467efa145c524986b5a3c6fc4a6b26074a8 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Jul 2022 14:48:02 +0530
Subject: [PATCH 69/82] Update and validate new resources created

---
 .../test/appmodule/validateSumo.go            | 30 +++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/aws-observability-terraform/test/appmodule/validateSumo.go b/aws-observability-terraform/test/appmodule/validateSumo.go
index 8dbb9494..6f4028b9 100644
--- a/aws-observability-terraform/test/appmodule/validateSumo.go
+++ b/aws-observability-terraform/test/appmodule/validateSumo.go
@@ -81,7 +81,13 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the RDS App folder is created successfully
 	rdsFolderID := terraform.Output(t, terraformOptions, "rds_apps_folder_id")
 	validateSumoLogicAppsFolder(t, terraformOptions, rdsFolderID)
+	// Validate if the EC2 CloudWatch metrics App folder is created successfully
+	ec2cwmetricsFolderID := terraform.Output(t, terraformOptions, "ec2CWmetrics_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, ec2cwmetricsFolderID)
 	time.Sleep(2 * time.Second)
+	// Validate if the SNS App folder is created successfully
+	snsFolderID := terraform.Output(t, terraformOptions, "sns_apps_folder_id")
+	validateSumoLogicAppsFolder(t, terraformOptions, snsFolderID)
 
 	// Monitor Folder
 	// Validate if the Monitors folder is created successfully
@@ -94,10 +100,10 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the ALB FER is created successfully
 	albFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_alb")
 	validateSumoLogicFER(t, terraformOptions, albFerID)
+	time.Sleep(2 * time.Second)
 	// Validate if the API Gateway FER is created successfully
 	apigatewayFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_apigateway")
 	validateSumoLogicFER(t, terraformOptions, apigatewayFerID)
-	time.Sleep(2 * time.Second)
 	// Validate if the DynamoDB FER is created successfully
 	dynamodbFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_dynamodb")
 	validateSumoLogicFER(t, terraformOptions, dynamodbFerID)
@@ -107,10 +113,10 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the Elasticache FER is created successfully
 	elasticacheFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_elasticache")
 	validateSumoLogicFER(t, terraformOptions, elasticacheFerID)
+	time.Sleep(2 * time.Second)
 	// Validate if the ELB FER is created successfully
 	elbFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_elb")
 	validateSumoLogicFER(t, terraformOptions, elbFerID)
-	time.Sleep(2 * time.Second)
 	// Validate if the Lambda FER is created successfully
 	lambdaFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_lambda")
 	validateSumoLogicFER(t, terraformOptions, lambdaFerID)
@@ -120,6 +126,16 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the RDS FER is created successfully
 	rdsFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_rds")
 	validateSumoLogicFER(t, terraformOptions, rdsFerID)
+	time.Sleep(2 * time.Second)
+	// Validate if the CloudWatch generic FER is created successfully
+	cwFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_cw")
+	validateSumoLogicFER(t, terraformOptions, cwFerID)
+	// Validate if the SNS FER is created successfully
+	snsFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_sns")
+	validateSumoLogicFER(t, terraformOptions, snsFerID)
+	// Validate if the EC2 FER is created successfully
+	ec2FerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_ec2metrics")
+	validateSumoLogicFER(t, terraformOptions, ec2FerID)
 
 	// Fields
 	// Validate if the account Field is created successfully
@@ -168,6 +184,16 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the dbidentifier Field is created successfully
 	dbidentifierField := terraform.Output(t, terraformOptions, "sumologic_field_dbidentifier")
 	validateSumoLogicField(t, terraformOptions, dbidentifierField)
+	// Validate if the topicname Field is created successfully
+	topicnameField := terraform.Output(t, terraformOptions, "sumologic_field_topicname")
+	validateSumoLogicField(t, terraformOptions, topicnameField)
+	// Validate if the dbclusteridentifier Field is created successfully
+	dbclusteridentifierField := terraform.Output(t, terraformOptions, "sumologic_field_dbclusteridentifier")
+	validateSumoLogicField(t, terraformOptions, dbclusteridentifierField)
+	// Validate if the dbinstanceidentifier Field is created successfully
+	dbinstanceidentifierField := terraform.Output(t, terraformOptions, "sumologic_field_dbinstanceidentifier")
+	validateSumoLogicField(t, terraformOptions, dbinstanceidentifierField)
+	time.Sleep(2 * time.Second)
 
 	// Metric Rules
 	// NLB

From 1c22bafc722ab8eb0d77543ca6d3cbde248cefe1 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Jul 2022 15:02:04 +0530
Subject: [PATCH 70/82] adding App Json to test framework

---
 .../json/EC2-CW-Metrics-App.json              | 4770 +++++++++++++++++
 .../aws-observability/json/Sns-App.json       | 1626 ++++++
 2 files changed, 6396 insertions(+)
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/EC2-CW-Metrics-App.json
 create mode 100644 aws-observability-terraform/examples/aws-observability/json/Sns-App.json

diff --git a/aws-observability-terraform/examples/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability-terraform/examples/aws-observability/json/EC2-CW-Metrics-App.json
new file mode 100644
index 00000000..c09939af
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/EC2-CW-Metrics-App.json
@@ -0,0 +1,4770 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "AWS EC2 CW Metrics",
+    "description": "The Sumo Logic App for AWS EC2 (CloudWatch Metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, network, EBS and Health Status Check.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1.1. AWS EC2 Overview (CloudWatch Metrics)",
+            "description": "The AWS EC2 Overview (CloudWatch Metrics) dashboard provides at-a-glance information about a EC2 CPU, instance disk store, network and EBS volume usage along with EC2 instance health status.",
+            "title": "1.1. AWS EC2 Overview (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-99E32CB9B61C9A45",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":35}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":35}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":41}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":41}"
+                    },
+                    {
+                        "key": "panelE18A48F4BDD8A845",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":54}"
+                    },
+                    {
+                        "key": "panel4AF9CB5BBF1B2B41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":54}"
+                    },
+                    {
+                        "key": "panel23347E5FA7F10B43",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":8}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":8}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panel1F5FFC3E8F012849",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":8}"
+                    },
+                    {
+                        "key": "panel75612834BB02184A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-08FF463080A39847",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":47}"
+                    },
+                    {
+                        "key": "panel4EC8EE6AB0E55B4C",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panel297BE38F9ED6C84A",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelB8F8261D9EFA8A4A",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panel097A505789B2E944",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":6,\"y\":20}"
+                    },
+                    {
+                        "key": "panel77B39A53BFAFB841",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":18,\"y\":20}"
+                    },
+                    {
+                        "key": "panel91327F1C8BEF994A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panel25AA94D9ACF85940",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":14}"
+                    },
+                    {
+                        "key": "panel99AF9880B2354B41",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":14}"
+                    },
+                    {
+                        "key": "panel924F530195637847",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelA277F2A9B91D7944",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":14}"
+                    },
+                    {
+                        "key": "panelD19C1EEBAB745B4E",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":14}"
+                    },
+                    {
+                        "key": "panelE0D443CB96023840",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":54}"
+                    },
+                    {
+                        "key": "panelE5F107D5AEFF6B45",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":54}"
+                    },
+                    {
+                        "key": "panel0B5FD12FA18F1B42",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":35}"
+                    },
+                    {
+                        "key": "panelE9A3087B8434B84E",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":35}"
+                    },
+                    {
+                        "key": "panelDF0ABE6C925FDB40",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panel60E15311AE9BBA4E",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelC1FA0CAF9269EA48",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel0788EB058A3A0A42",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panelBA687A6EAAEB6A44",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":28}"
+                    },
+                    {
+                        "key": "panelPANE-933546D1AEA64B4B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelA7AFA5EE967F794D",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":48}"
+                    },
+                    {
+                        "key": "panelE6CD1CCBA87F3947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":48}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-99E32CB9B61C9A45",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Disk Read Bytes per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "Disk Write Bytes per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "Disk Read Ops per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "Disk Write Ops per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE18A48F4BDD8A845",
+                    "title": "Network In (Bytes) per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkIn Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AF9CB5BBF1B2B41",
+                    "title": "Network Out (Bytes) per Instance Type - Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkOut Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel23347E5FA7F10B43",
+                    "title": "Dedicated Host CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DedicatedHostCPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "This metrics is available for T3 Dedicated Hosts.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditUsage Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1F5FFC3E8F012849",
+                    "title": "CPU Surplus Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel75612834BB02184A",
+                    "title": "CPU Surplus Credits Charged",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditsCharged Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-08FF463080A39847",
+                    "title": "Network per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel4EC8EE6AB0E55B4C",
+                    "title": "Instance Disk Store per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel297BE38F9ED6C84A",
+                    "title": "EBS Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB8F8261D9EFA8A4A",
+                    "title": "EBS Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteBytes Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel097A505789B2E944",
+                    "title": "EBS Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadOps Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel77B39A53BFAFB841",
+                    "title": "EBS Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{account}} {{region}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteOps Statistic=sum | sum by account, region, namespace",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel91327F1C8BEF994A",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% I/O Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel25AA94D9ACF85940",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% Throughput Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel99AF9880B2354B41",
+                    "title": "Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel924F530195637847",
+                    "title": "Instance Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA277F2A9B91D7944",
+                    "title": "System Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD19C1EEBAB745B4E",
+                    "title": "Metadata No Token",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Sum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=MetadataNoToken Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE0D443CB96023840",
+                    "title": "Network In (Bytes) by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkIn Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE5F107D5AEFF6B45",
+                    "title": "Network Out (Bytes) by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkOut Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0B5FD12FA18F1B42",
+                    "title": "Disk Read Bytes by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE9A3087B8434B84E",
+                    "title": "Disk Write Bytes by Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Region\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Bytes\",\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDF0ABE6C925FDB40",
+                    "title": "CPU Utilization per Instance Type",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel60E15311AE9BBA4E",
+                    "title": "Average CPU Utilization per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"CPU Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=CPUUtilization Statistic=average | avg by account, region, namespace, instancetype",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC1FA0CAF9269EA48",
+                    "title": "Instances with High CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":60,\"color\":\"#28aa55\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":85,\"to\":101,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | filter latest > 75 | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0788EB058A3A0A42",
+                    "title": "Instances with Low CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":6,\"color\":\"#28aa55\"},{\"from\":6,\"to\":11,\"color\":\"#f6c851\"},{\"from\":11,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | filter latest <= 10 | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBA687A6EAAEB6A44",
+                    "title": "Average CPU Utilization per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"decimals\":2,\"mode\":\"distribution\"},\"xy\":{\"xDimension\":[],\"yDimension\":[],\"zDimension\":[]},\"color\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Avg CPU Utilization\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=CPUUtilization Statistic=average | avg by instancetype | topk(25, avg)",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-933546D1AEA64B4B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                },
+                {
+                    "id": null,
+                    "key": "panelA7AFA5EE967F794D",
+                    "title": "Network InByte Rate per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Network InByte Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false},\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkIn Statistic=sum | sum by account, region, namespace, instancetype | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE6CD1CCBA87F3947",
+                    "title": "Network OutByte Rate per Instance Type",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Network OutByte Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instancetype}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instancetype=* metric=NetworkOut Statistic=sum | sum by account, region, namespace, instancetype | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1.1. AWS EC2 Summary (CloudWatch Metrics)",
+            "description": "The AWS EC2 Summary (CloudWatch Metrics) dashboard provides at-a-glance information about a EC2 CPU, instance disk store, network and EBS volume usage along with EC2 instance health status.",
+            "title": "1.1. AWS EC2 Summary (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-99E32CB9B61C9A45",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":28}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":28}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":28}"
+                    },
+                    {
+                        "key": "panelE18A48F4BDD8A845",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":35}"
+                    },
+                    {
+                        "key": "panel4AF9CB5BBF1B2B41",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":35}"
+                    },
+                    {
+                        "key": "panel7939D784A8ED6B4C",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":35}"
+                    },
+                    {
+                        "key": "panel3CA672A682E7BB43",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":35}"
+                    },
+                    {
+                        "key": "panel23347E5FA7F10B43",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":2}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":2}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panel1F5FFC3E8F012849",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":2}"
+                    },
+                    {
+                        "key": "panel75612834BB02184A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-D0BB869785134841",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":27}"
+                    },
+                    {
+                        "key": "panelPANE-FEB8135A9882C944",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-E3E100D38FD11943",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panelC0673D08917CA840",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":21}"
+                    },
+                    {
+                        "key": "panel9BD802CAB6A36B49",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":21}"
+                    },
+                    {
+                        "key": "panelC0CFDA649A609B4F",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":21}"
+                    },
+                    {
+                        "key": "panel4464C0CCB5FECA41",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panel2E7A7A0F8FA34A4B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-10781F7B8A9BE94E",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-8571E3AB9C52FA42",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":4,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-401D8D0595682B4B",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":8,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-1A2AF48AAA2A3943",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-70D6345E81FDCB44",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":16,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-17E24068A4CE184B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                    },
+                    {
+                        "key": "panelPANE-95A872A391466848",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":20,\"y\":8}"
+                    },
+                    {
+                        "key": "panelPANE-05EE1E8FB23C084B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-99E32CB9B61C9A45",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Disk Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "Disk Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "Disk Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "Disk Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE18A48F4BDD8A845",
+                    "title": "Network In (Bytes)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AF9CB5BBF1B2B41",
+                    "title": "Network Out (Bytes)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7939D784A8ED6B4C",
+                    "title": "Network Packets In",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3CA672A682E7BB43",
+                    "title": "Network Packets Out",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel23347E5FA7F10B43",
+                    "title": "Dedicated Host CPU Utilization",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":75,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":85,\"to\":101,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% CPU Usage\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DedicatedHostCPUUtilization Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "This metrics is available for T3 Dedicated Hosts.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditUsage Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1F5FFC3E8F012849",
+                    "title": "CPU Surplus Credit Balance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditBalance Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel75612834BB02184A",
+                    "title": "CPU Surplus Credits Charged",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Credits (vCPU-minutes)\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditsCharged Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-D0BB869785134841",
+                    "title": "Instance Disk Store",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-FEB8135A9882C944",
+                    "title": "Network",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E3E100D38FD11943",
+                    "title": "EBS Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC0673D08917CA840",
+                    "title": "EBS Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9BD802CAB6A36B49",
+                    "title": "EBS Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC0CFDA649A609B4F",
+                    "title": "EBS Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}} \"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4464C0CCB5FECA41",
+                    "title": "EBS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel2E7A7A0F8FA34A4B",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"CPU Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-10781F7B8A9BE94E",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% I/O Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-8571E3AB9C52FA42",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":75,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":75,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"% Throughput Credit Balance\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-401D8D0595682B4B",
+                    "title": "Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"0\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1A2AF48AAA2A3943",
+                    "title": "Status Check Failed Instance",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"0\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-70D6345E81FDCB44",
+                    "title": "Status Check Failed System",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"0\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-17E24068A4CE184B",
+                    "title": "Instance Detail Stats",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"decimals\":2,\"mode\":\"distribution\"},\"xy\":{\"xDimension\":[],\"yDimension\":[],\"zDimension\":[]},\"color\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"CPU Utilization\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"EBSIOBalance%\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"EBSByteBalance%\"}}],\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-95A872A391466848",
+                    "title": "Metadata No Token",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Count\",\"valueFontSize\":20,\"option\":\"Sum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=MetadataNoToken Statistic=sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-05EE1E8FB23C084B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2.1 AWS EC2 - Events",
+            "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
+            "title": "2.1 AWS EC2 - Events",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-9A6827ADAFD40B48",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":12}"
+                    },
+                    {
+                        "key": "panel808FD9FD8BFB6846",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-F6D67170A3207848",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelPANE-55BA9CD690905848",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":20}"
+                    },
+                    {
+                        "key": "panelE1BCBDE685FB3944",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":41}"
+                    },
+                    {
+                        "key": "panelPANE-4D66006086774A44",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":12}"
+                    },
+                    {
+                        "key": "panelPANE-829F6ADB86227949",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":41}"
+                    },
+                    {
+                        "key": "panel1DA5F9AA9C03F945",
+                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":34}"
+                    },
+                    {
+                        "key": "panelPANE-C6B1C1249FED294C",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":25}"
+                    },
+                    {
+                        "key": "panel422C79CD944AC840",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":12}"
+                    },
+                    {
+                        "key": "panelB86F7C84926F1844",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":12}"
+                    },
+                    {
+                        "key": "panelABB275868F4B2A44",
+                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":20}"
+                    },
+                    {
+                        "key": "panelA10E415491CA1B4F",
+                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-4B95C387A7D03B47",
+                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":47}"
+                    },
+                    {
+                        "key": "panelF999E9E5A6591B41",
+                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":2}"
+                    },
+                    {
+                        "key": "panelC8228A47A6D3DA4D",
+                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-4022F95385542A46",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":33}"
+                    },
+                    {
+                        "key": "panelD9E5828D86D12941",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":40}"
+                    },
+                    {
+                        "key": "panelPANE-E40BD69ABB08F949",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-9A6827ADAFD40B48",
+                    "title": "Event Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_status\n| sort by _count, event_status asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel808FD9FD8BFB6846",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-F6D67170A3207848",
+                    "title": "Successful Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-55BA9CD690905848",
+                    "title": "Events Types Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelE1BCBDE685FB3944",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4D66006086774A44",
+                    "title": "Top 10 Error Codes",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-829F6ADB86227949",
+                    "title": "Latest Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1DA5F9AA9C03F945",
+                    "title": "Latest Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C6B1C1249FED294C",
+                    "title": "Top 10 AssumedRole  Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as count by user\n| sort by count, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel422C79CD944AC840",
+                    "title": "Top Events Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by event_name\n| sort by count, event_name asc | limit 20",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB86F7C84926F1844",
+                    "title": "Event Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\",  if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelABB275868F4B2A44",
+                    "title": "Events Status Trend",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_status\n| transpose row _timeslice column event_status",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA10E415491CA1B4F",
+                    "title": "Top 10 IAM Users",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as count by user\n| sort by count, user asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4B95C387A7D03B47",
+                    "title": "Events from Known Malicious IP Addresses",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name // , user, user_agent, instanceid\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, instanceid",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelF999E9E5A6591B41",
+                    "title": "Failure Event Locations",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC8228A47A6D3DA4D",
+                    "title": "Top 10 User Agents",
+                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by user_agent\n| sort by count, user_agent asc | limit 10",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4022F95385542A46",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"fontSize\":16,\"showTitle\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Successful Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelD9E5828D86D12941",
+                    "title": "Failure Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false,\"fontSize\":16},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "Failure Events"
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-E40BD69ABB08F949",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires AWS CloudTrail Logs from AWS account and the contents are specific for AWS EC2 instance(s)."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": null,
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2.1. AWS EC2 CPU (CloudWatch Metrics)",
+            "description": "The AWS EC2 CPU (CloudWatch Metrics) dashboard provides details information about a EC2 CPU usage like CPU utilization and CPU credits for burstable performance instances.",
+            "title": "2.1. AWS EC2 CPU (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":23}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":23}"
+                    },
+                    {
+                        "key": "panel9A20F551B8599842",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":5}"
+                    },
+                    {
+                        "key": "panel5CED8523A924FA47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":5}"
+                    },
+                    {
+                        "key": "panelPANE-918CA9B3A4DBD842",
+                        "structure": "{\"height\":3,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel32656D81BBA34B41",
+                        "structure": "{\"height\":4,\"width\":24,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panel97632A7ABFC8E947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelBC1EBF42BDD99940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelD897B984B24EEB41",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panel4208674EAEFC8A4E",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panelPANE-4AFBCF8DA8530A4E",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "CPU Surplus Credit Balance",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditBalance Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "CPU Surplus Credits Charged",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUSurplusCreditsCharged Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9A20F551B8599842",
+                    "title": "Average CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Percent\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUUtilization Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5CED8523A924FA47",
+                    "title": "Dedicated Host Average CPU Utilization",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Percent\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DedicatedHostCPUUtilization Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-918CA9B3A4DBD842",
+                    "title": "CPU Utilization",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* CPUUtilization: The percentage of allocated EC2 compute units that are currently in use on the instance.\n* DedicatedHostCPUUtilization: The percentage of allocated compute capacity that is currently in use by the instances running on the T3 Dedicated Host."
+                },
+                {
+                    "id": null,
+                    "key": "panel32656D81BBA34B41",
+                    "title": "CPU Credits - For Burstable Performance Instances",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* The EC2 burstable instances consist of T4g, T3a and T3 instance types, and the previous generation T2 instance types. \n* For details on these T instances refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html\n* For CPU Credit metrics refer: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#cpu-credit-metrics"
+                },
+                {
+                    "id": null,
+                    "key": "panel97632A7ABFC8E947",
+                    "title": "CPU Credit Usage",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditUsage Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBC1EBF42BDD99940",
+                    "title": "CPU Credit Balance",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Credits (vCPU-minutes)\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=CPUCreditBalance Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD897B984B24EEB41",
+                    "title": "CPU Surplus Credits (Charged, Balance)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel4208674EAEFC8A4E",
+                    "title": "CPU Credits (Usage, Balance) ",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-4AFBCF8DA8530A4E",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "3.1. AWS EC2 EBS (CloudWatch Metrics)",
+            "description": "The AWS EC2 EBS (CloudWatch Metrics) dashboard provides details information about a EC2 EBS volumes for Nitro-based instances based on EBS volumes read and write bytes, operations along with information on percentage of I/O and throughput credits remaining in the burst bucket.",
+            "title": "3.1. AWS EC2 EBS (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-99E32CB9B61C9A45",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":4,\"y\":7}"
+                    },
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":25}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":19}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":19}"
+                    },
+                    {
+                        "key": "panel23347E5FA7F10B43",
+                        "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":7}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":12,\"y\":7}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":6,\"width\":4,\"x\":0,\"y\":7}"
+                    },
+                    {
+                        "key": "panel659291A58A5D3845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panel4CDAC73BB3610B44",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":25}"
+                    },
+                    {
+                        "key": "panelPANE-04CA3839903A594C",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panelPANE-ABB12B7EBD0C7842",
+                        "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":2}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-99E32CB9B61C9A45",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#75bf00\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":0,\"to\":60,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by account, region, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "EBS Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "EBS Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "EBS Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel23347E5FA7F10B43",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#75bf00\"},{\"from\":60,\"to\":85,\"color\":\"#f6c851\"},{\"from\":0,\"to\":60,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg by account, region, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "This metrics is available for T3 Dedicated Hosts.",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "EBS Byte Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":60,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":60,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"Percent\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSByteBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":85,\"to\":101,\"color\":\"#527b01\"},{\"from\":60,\"to\":85,\"color\":\"#b18209\"},{\"from\":0,\"to\":60,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":true,\"min\":0,\"max\":100},\"label\":\"Percent\",\"valueFontSize\":20,\"option\":\"Average\",\"labelFontSize\":8},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel659291A58A5D3845",
+                    "title": "EBS IO Balance %",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Utilization\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSIOBalance% Statistic=average | avg by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4CDAC73BB3610B44",
+                    "title": "EBS Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=EBSWriteBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-04CA3839903A594C",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-ABB12B7EBD0C7842",
+                    "title": "Amazon EBS metrics for Nitro-based instances",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* **EBSReadOps, EBSWriteOps**: Completed read, write operations from all Amazon EBS volumes attached to the instance in a specified period of time.\n* **EBSReadBytes, EBSWriteBytes**: Bytes read, write from all EBS volumes attached to the instance in a specified period of time.\n* **EBSIOBalance%**: Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.\n* **EBSByteBalance%**: Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.\n\n"
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "4.1. AWS EC2 Disk (CloudWatch Metrics)",
+            "description": "The AWS EC2 Disk (CloudWatch Metrics) dashboard provides details information about a EC2 Instance Store Disk usage based on disk read and write bytes, operations.",
+            "title": "4.1. AWS EC2 Disk (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panelB6A91B828769084B",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panel381735E8957D6A40",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
+                    },
+                    {
+                        "key": "panel9A20F551B8599842",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
+                    },
+                    {
+                        "key": "panel5CED8523A924FA47",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
+                    },
+                    {
+                        "key": "panelPANE-918CA9B3A4DBD842",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panel32656D81BBA34B41",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel97632A7ABFC8E947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panelBC1EBF42BDD99940",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelPANE-98034B8AAFD8AB4B",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Disk Read Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "Disk Write Bytes",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteBytes Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB6A91B828769084B",
+                    "title": "Disk Read Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel381735E8957D6A40",
+                    "title": "Disk Write Ops",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Operations\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9A20F551B8599842",
+                    "title": "Disk Read Bytes Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadBytes Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5CED8523A924FA47",
+                    "title": "Disk Write Bytes Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteBytes  Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-918CA9B3A4DBD842",
+                    "title": "Instance Store - Disk (Bytes)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel32656D81BBA34B41",
+                    "title": "Instance Store - Disk (Operations)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel97632A7ABFC8E947",
+                    "title": "Disk Read Ops Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskReadOps Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelBC1EBF42BDD99940",
+                    "title": "Disk Write Ops Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Rate\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=DiskWriteOps Statistic=sum | sum by account, region, namespace, instanceid | Rate",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-98034B8AAFD8AB4B",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "5.1. AWS EC2 Network (CloudWatch Metrics)",
+            "description": "The AWS EC2 Network (CloudWatch Metrics) dashboard provides details information about a EC2 Network activities based on In and out packets, bytes.",
+            "title": "5.1. AWS EC2 Network (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelE18A48F4BDD8A845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panel4AF9CB5BBF1B2B41",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":9}"
+                    },
+                    {
+                        "key": "panel7939D784A8ED6B4C",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}"
+                    },
+                    {
+                        "key": "panel3CA672A682E7BB43",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}"
+                    },
+                    {
+                        "key": "panelD1EAF6B587870B4A",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":3}"
+                    },
+                    {
+                        "key": "panel369E4E54B891FA45",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":3}"
+                    },
+                    {
+                        "key": "panelPANE-0AEEAEAAB56CD841",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelFED57949B8A0DA4F",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel97FBBFDFB46B5A46",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}"
+                    },
+                    {
+                        "key": "panel8F7D0A4DA064DA4E",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}"
+                    },
+                    {
+                        "key": "panelPANE-B074BD5EA7326A45",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelE18A48F4BDD8A845",
+                    "title": "Network Bytes In",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel4AF9CB5BBF1B2B41",
+                    "title": "Network Bytes Out",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"B\",\"isCustom\":false}}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel7939D784A8ED6B4C",
+                    "title": "Network Packets In",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsIn Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel3CA672A682E7BB43",
+                    "title": "Network Packets Out",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsOut Statistic=sum | sum by account, region, namespace, instanceid",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD1EAF6B587870B4A",
+                    "title": "Network Bytes In (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"unit\":{\"value\":\"\",\"isCustom\":false},\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkIn Statistic=sum | sum by account, region, namespace, instanceid | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel369E4E54B891FA45",
+                    "title": "Network Bytes Out (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Bytes per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkOut Statistic=sum | sum by account, region, namespace, instanceid | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-0AEEAEAAB56CD841",
+                    "title": "Network (Bytes)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelFED57949B8A0DA4F",
+                    "title": "Network (Packets)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel97FBBFDFB46B5A46",
+                    "title": "Network Packets In (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0},\"axisY2\":{}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsIn Statistic=sum | sum by account, region, namespace, instanceid | rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8F7D0A4DA064DA4E",
+                    "title": "Network Packets Out (Rate)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Packets per Second\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"minimum\":0}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{instanceid}}\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=NetworkPacketsOut Statistic=sum | sum by account, region, namespace, instanceid | Rate increasing",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-B074BD5EA7326A45",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "6.1. AWS EC2 Status Check (CloudWatch Metrics)",
+            "description": "The AWS EC2 Status Check (CloudWatch Metrics) dashboard provides details information about a EC2 instance health check status based on instance, system, and overall health status.",
+            "title": "6.1. AWS EC2 Status Check (CloudWatch Metrics)",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "instanceid": [
+                        "*"
+                    ],
+                    "namespace": [
+                        "aws/ec2"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panelPANE-B26E4DA1A965A945",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":8,\"y\":11}"
+                    },
+                    {
+                        "key": "panelC4B249E5912CB94F",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":16,\"y\":11}"
+                    },
+                    {
+                        "key": "panel1D3AFBF59EA93A4A",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":6}"
+                    },
+                    {
+                        "key": "panelCE45E0C9A48CC840",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":6}"
+                    },
+                    {
+                        "key": "panel1F5FFC3E8F012849",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel659291A58A5D3845",
+                        "structure": "{\"height\":8,\"width\":8,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-CFEE196EBE8B3A47",
+                        "structure": "{\"height\":4,\"width\":24,\"x\":0,\"y\":2}"
+                    },
+                    {
+                        "key": "panelAEE4F5C3A2E0A840",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":6}"
+                    },
+                    {
+                        "key": "panel428AE851BBEFCA4F",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panel5B78F6CDB323DB47",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-93ECF7FDA914084E",
+                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panelPANE-B26E4DA1A965A945",
+                    "title": "Instance Status Check - Failed/Passed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Instance Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Fail\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Pass\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelC4B249E5912CB94F",
+                    "title": "System Status Check - Failed/Passed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Instance Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Fail\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Pass\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System  Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System  Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1D3AFBF59EA93A4A",
+                    "title": "System Status Check - Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Fail Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\",\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCE45E0C9A48CC840",
+                    "title": "Instance Status Check - Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Fail Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\",\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1F5FFC3E8F012849",
+                    "title": "Status Check Failed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":1,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Fail Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"noDataString\":\"No Failures\",\"rounding\":0,\"useBackgroundColor\":false},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel659291A58A5D3845",
+                    "title": "Status Check - Failed / Passed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"max\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Instance Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Fail\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Pass\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 1 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-CFEE196EBE8B3A47",
+                    "title": "Status Check",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "* **StatusCheckFailed**: Reports whether the instance has passed both the instance status check and the system status check in the last minute.\n* **StatusCheckFailed_Instance**: Reports whether the instance has passed the instance status check in the last minute.\n* **StatusCheckFailed_System**: Reports whether the instance has passed the system status check in the last minute.\n\nThis status check metric value can be either 0 (passed) or 1 (failed)."
+                },
+                {
+                    "id": null,
+                    "key": "panelAEE4F5C3A2E0A840",
+                    "title": "Status Check Passed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false},\"label\":\"Pass Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel428AE851BBEFCA4F",
+                    "title": "Instance Status Check - Passed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Pass Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_Instance Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5B78F6CDB323DB47",
+                    "title": "System Status Check - Passed",
+                    "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"thresholds\":[{\"from\":1,\"to\":null,\"color\":\"#527b01\"},{\"from\":null,\"to\":null,\"color\":\"#b18209\"},{\"from\":null,\"to\":null,\"color\":\"#b63010\"}],\"sparkline\":{\"show\":true,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100},\"label\":\"Pass Count\",\"valueFontSize\":20,\"option\":\"Maximum\",\"labelFontSize\":8,\"rounding\":0},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} metric=StatusCheckFailed_System Statistic=maximum | filter latest = 0 | count",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": null
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-93ECF7FDA914084E",
+                    "title": "Note",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"text\":{\"format\":\"markdownV2\",\"fontSize\":14,\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": "This dashboard requires CloudWatch metrics source to be configured. CloudWatch metrics can be collected with [AWS CloudWatch Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/Amazon-CloudWatch-Source-for-Metrics) source or **[AWS Kinesis Firehose for Metrics](https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS_Kinesis_Firehose_for_Metrics_Source)** (recommended) source."
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/ec2",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "instanceid",
+                    "displayName": "instanceid",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "instanceid"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/examples/aws-observability/json/Sns-App.json b/aws-observability-terraform/examples/aws-observability/json/Sns-App.json
new file mode 100644
index 00000000..1c844430
--- /dev/null
+++ b/aws-observability-terraform/examples/aws-observability/json/Sns-App.json
@@ -0,0 +1,1626 @@
+{
+    "type": "FolderSyncDefinition",
+    "name": "Amazon - SNS",
+    "description": "The Sumo Logic App for Amazon SNS is a unified logs and metrics App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.",
+    "children": [
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon SNS - Messages, Notifications ",
+            "description": "",
+            "title": "1. Amazon SNS - Messages, Notifications ",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "topicname": [
+                        "*"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel82FC587B9BACF941",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":11}"
+                    },
+                    {
+                        "key": "panelPANE-A3ADC6ED8EDF2B4C",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel1FA1906D834C9B46",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel815D399A933C5940",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":18,\"y\":0}"
+                    },
+                    {
+                        "key": "panel81AC01C88E6C8B46",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":11}"
+                    },
+                    {
+                        "key": "panel5DD1E582BAA4A84F",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":17}"
+                    },
+                    {
+                        "key": "panel71CB92F989A1D84E",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":17}"
+                    },
+                    {
+                        "key": "panelB60F8DEDAEA58B42",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":4}"
+                    },
+                    {
+                        "key": "panel5BAB854CBFE61843",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":4}"
+                    },
+                    {
+                        "key": "panelD1555A7CB4485845",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":4}"
+                    },
+                    {
+                        "key": "panel27A5906DA65FE84B",
+                        "structure": "{\"height\":4,\"width\":6,\"x\":6,\"y\":0}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel82FC587B9BACF941",
+                    "title": "Message Publish Size (Today , Yesterday , Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"hiddenQueryKeys\":[],\"overrides\":[{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"D\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"E\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size (Bytes)\"},\"axisX\":{\"title\":\"\"}}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#C | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "D",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#C | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "E",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A3ADC6ED8EDF2B4C",
+                    "title": "Messages Published",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Messages\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1FA1906D834C9B46",
+                    "title": "Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum \n\n",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel815D399A933C5940",
+                    "title": "Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel81AC01C88E6C8B46",
+                    "title": "Messages Published (Today,Yesterday,Last Week)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Messages\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5DD1E582BAA4A84F",
+                    "title": "Notifications Delivered (Today,Yesterday,Last Week)",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel71CB92F989A1D84E",
+                    "title": "Notifications Failed (Today,Yesterday,Last Week) ",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB60F8DEDAEA58B42",
+                    "title": "Messages Published by TopicName",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Messages Published\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5BAB854CBFE61843",
+                    "title": "Notifications Delivered by TopicName",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Notifications Delivered\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by TopicName ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelD1555A7CB4485845",
+                    "title": "Notifications Failed by TopicName ",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Notifications Failed\"}}]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by TopicName ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel27A5906DA65FE84B",
+                    "title": "Avg Message Size",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"Bytes\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "1. Amazon SNS - Overview",
+            "description": "",
+            "title": "1. Amazon SNS - Overview",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel40B571E3A8CF694E",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}"
+                    },
+                    {
+                        "key": "panel93252B51B57EDB4D",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":0,\"y\":1}"
+                    },
+                    {
+                        "key": "panel246853BDA98F894A",
+                        "structure": "{\"height\":5,\"width\":5,\"x\":5,\"y\":1}"
+                    },
+                    {
+                        "key": "panel8E6DF23A8D775A4B",
+                        "structure": "{\"height\":5,\"width\":7,\"x\":10,\"y\":1}"
+                    },
+                    {
+                        "key": "panelDA2DFDF2A4D19A44",
+                        "structure": "{\"height\":5,\"width\":7,\"x\":17,\"y\":1}"
+                    },
+                    {
+                        "key": "panel9CBE3510857A6845",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}"
+                    },
+                    {
+                        "key": "panel6BF3727D86A0E949",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}"
+                    },
+                    {
+                        "key": "panelCB717EB5B480A948",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}"
+                    },
+                    {
+                        "key": "panel5C761868A14A7B40",
+                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}"
+                    },
+                    {
+                        "key": "panel2C1AFF3CADD60947",
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}"
+                    },
+                    {
+                        "key": "panelPANE-88E3C816ADF55B44",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel8E54E5239FF80A4D",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":12}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel40B571E3A8CF694E",
+                    "title": "Messages Published (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Messages\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}}  metric=NumberOfMessagesPublished Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d ",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel93252B51B57EDB4D",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel246853BDA98F894A",
+                    "title": "Failed Events",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":1,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count \n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8E6DF23A8D775A4B",
+                    "title": "Events by Status",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count,event_status asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelDA2DFDF2A4D19A44",
+                    "title": "Events by Event Name",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_name\n| sort by _count,event_name asc\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9CBE3510857A6845",
+                    "title": "Events by User",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"user\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as eventCount by user, event_name\n| transpose row user column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6BF3727D86A0E949",
+                    "title": "Notifications Delivered (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCB717EB5B480A948",
+                    "title": "Notifications Failed (Today, Yesterday, Last Week) ",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today \"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel5C761868A14A7B40",
+                    "title": "Message Publish Size (Today, Yesterday, Last Week)",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg by account,region,TopicName",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 1d",
+                            "queryType": "Metrics",
+                            "queryKey": "B",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "#A | timeshift 7d",
+                            "queryType": "Metrics",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel2C1AFF3CADD60947",
+                    "title": "Events by TopicName",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| timeslice 1h\n| count as event_count by _timeslice, topic_name\n| transpose row _timeslice column topic_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-88E3C816ADF55B44",
+                    "title": "CloudTrail Audit Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panel8E54E5239FF80A4D",
+                    "title": "SNS Metrics",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        },
+        {
+            "type": "DashboardV2SyncDefinition",
+            "name": "2. Amazon SNS - Audit Events",
+            "description": "",
+            "title": "2. Amazon SNS - Audit Events",
+            "theme": "Light",
+            "topologyLabelMap": {
+                "data": {
+                    "namespace": [
+                        "aws/sns"
+                    ],
+                    "region": [
+                        "*"
+                    ],
+                    "account": [
+                        "*"
+                    ]
+                }
+            },
+            "refreshInterval": 0,
+            "timeRange": {
+                "type": "BeginBoundedTimeRange",
+                "from": {
+                    "type": "RelativeTimeRangeBoundary",
+                    "relativeTime": "-1d"
+                },
+                "to": null
+            },
+            "layout": {
+                "layoutType": "Grid",
+                "layoutStructures": [
+                    {
+                        "key": "panel9724CE95BF93284E",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":0}"
+                    },
+                    {
+                        "key": "panel13A28BCF9195784A",
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":0}"
+                    },
+                    {
+                        "key": "panel8295225DA9487941",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":9}"
+                    },
+                    {
+                        "key": "panel63133FE7966C3B44",
+                        "structure": "{\"height\":7,\"width\":6,\"x\":5,\"y\":15}"
+                    },
+                    {
+                        "key": "panelA3841CC48DC37A4E",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":15,\"y\":9}"
+                    },
+                    {
+                        "key": "panel08DA60FCB6CBA94F",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":15}"
+                    },
+                    {
+                        "key": "panel554DCC97A661E840",
+                        "structure": "{\"height\":6,\"width\":13,\"x\":11,\"y\":15}"
+                    },
+                    {
+                        "key": "panel8BD78A42A42E2941",
+                        "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":21}"
+                    },
+                    {
+                        "key": "panel04C58849BF85EA40",
+                        "structure": "{\"height\":6,\"width\":19,\"x\":5,\"y\":22}"
+                    },
+                    {
+                        "key": "panelEB163726B40EDB42",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":28}"
+                    },
+                    {
+                        "key": "panel9FE68E49A0060A4D",
+                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":28}"
+                    },
+                    {
+                        "key": "panel47C00A9996D1FB46",
+                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":34}"
+                    },
+                    {
+                        "key": "panelFA76DDA1858D6941",
+                        "structure": "{\"height\":6,\"width\":10,\"x\":5,\"y\":9}"
+                    },
+                    {
+                        "key": "panelB3E1C834A1026A43",
+                        "structure": "{\"height\":6,\"width\":14,\"x\":9,\"y\":34}"
+                    }
+                ]
+            },
+            "panels": [
+                {
+                    "id": null,
+                    "key": "panel9724CE95BF93284E",
+                    "title": "Successful Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel13A28BCF9195784A",
+                    "title": "Failure Events Location",
+                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isBlank(error_code) and !(src_ip matches \"*.amazonaws.com\")\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topicArn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8295225DA9487941",
+                    "title": "Event by Status",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count by event_status\n| sort by _count, event_status asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel63133FE7966C3B44",
+                    "title": "Top Error Codes",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by error_code \n| top 10 error_code by event_count\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelA3841CC48DC37A4E",
+                    "title": "Event Status Trend",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count by _timeslice, event_status\n| fillmissing timeslice(1d), values (\"Success\", \"Failure\") in event_status\n| transpose row _timeslice column event_status",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel08DA60FCB6CBA94F",
+                    "title": "Failed Events by Event Name",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel554DCC97A661E840",
+                    "title": "Failed Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountid, user, type\n| sort by _timeslice",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel8BD78A42A42E2941",
+                    "title": "Successful Events by Event Name",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name\n| sort by event_count, event_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel04C58849BF85EA40",
+                    "title": "Successful Event Details",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, region, src_ip, accountid, user, type, request_id, name, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelEB163726B40EDB42",
+                    "title": "Top 10 Users by Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user\n| top 10 user by event_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel9FE68E49A0060A4D",
+                    "title": "Events by User",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"bar\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user, event_name\n| transpose row user column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel47C00A9996D1FB46",
+                    "title": "Top 10 Active TopicNames by Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name\n| top 10 topic_name by event_count, topic_name asc",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelFA76DDA1858D6941",
+                    "title": "Events Trend ",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as topic_arn, name nodrop \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name\n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelB3E1C834A1026A43",
+                    "title": " Active TopicNames by Events",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[]}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\" as request_topic_arn, name nodrop \n| json field=responseElements \"topicArn\", \"name\" as response_topic_arn, name nodrop \n| if (!isEmpty(request_topic_arn), request_topic_arn, response_topic_arn) as topic_arn\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name, event_name\n| transpose row topic_name column event_name",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Manual",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                }
+            ],
+            "variables": [
+                {
+                    "id": null,
+                    "name": "account",
+                    "displayName": "account",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "",
+                        "key": "account"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "region",
+                    "displayName": "region",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}}",
+                        "key": "region"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "namespace",
+                    "displayName": "namespace",
+                    "defaultValue": "aws/sns",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace=aws/sns",
+                        "key": "namespace"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                },
+                {
+                    "id": null,
+                    "name": "topicname",
+                    "displayName": "topicname",
+                    "defaultValue": "*",
+                    "sourceDefinition": {
+                        "variableSourceType": "MetadataVariableSourceDefinition",
+                        "filter": "account={{account}} region={{region}} namespace={{namespace}}",
+                        "key": "topicname"
+                    },
+                    "allowMultiSelect": false,
+                    "includeAllOption": true,
+                    "hideFromUI": false,
+                    "valueType": "Any"
+                }
+            ],
+            "coloringRules": []
+        }
+    ]
+}
\ No newline at end of file

From d0a5af799dc6d5345c0d007d8d0221faae5eb9e5 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Jul 2022 15:11:55 +0530
Subject: [PATCH 71/82] updating sumo provider version dependency

---
 .../examples/sourcemodule/overrideSources/versions.tf           | 2 +-
 .../examples/sourcemodule/testSource/versions.tf                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf
index 75909178..befb90d4 100644
--- a/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf
@@ -7,7 +7,7 @@ terraform {
       version = ">= 3.42.0, < 4.0.0"
     }
     sumologic = {
-      version = "= 2.13.0"
+      version = ">= 2.13.0"
       source  = "SumoLogic/sumologic"
     }
     time = {
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf b/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf
index 75909178..befb90d4 100644
--- a/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf
@@ -7,7 +7,7 @@ terraform {
       version = ">= 3.42.0, < 4.0.0"
     }
     sumologic = {
-      version = "= 2.13.0"
+      version = ">= 2.13.0"
       source  = "SumoLogic/sumologic"
     }
     time = {

From 71bfe31aa513959a67327e9e80f5a6b25a060ff7 Mon Sep 17 00:00:00 2001
From: Himanshu Sharma <hsharma@sumologic.com>
Date: Fri, 8 Jul 2022 15:12:33 +0530
Subject: [PATCH 72/82] Updating all READMEs

---
 aws-observability-terraform/README.md         | 18 ++++
 .../examples/appmodule/README.md              | 79 ++++++++++++++--
 .../sourcemodule/overrideSources/README.md    | 88 ++++++++++++++++--
 .../sourcemodule/testSource/README.md         | 89 +++++++++++++++++--
 4 files changed, 259 insertions(+), 15 deletions(-)

diff --git a/aws-observability-terraform/README.md b/aws-observability-terraform/README.md
index 5cdb9d6b..360e2bc3 100644
--- a/aws-observability-terraform/README.md
+++ b/aws-observability-terraform/README.md
@@ -13,11 +13,13 @@
 | Name | Version |
 |------|---------|
 | <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.16.2 |
+| <a name="provider_time"></a> [time](#provider\_time) | 0.7.2 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
 | <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
 
 ## Resources
@@ -29,7 +31,9 @@
 | [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbclusteridentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbinstanceidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
@@ -39,6 +43,19 @@
 | [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.topicname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityAlbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityApiGatewayCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityDynamoDBCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityEC2CloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityECSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElastiCacheCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityFieldExtractionRule](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityGenericCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityLambdaCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityRdsCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilitySNSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [time_sleep.wait_for_10_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 
 ## Inputs
 
@@ -57,3 +74,4 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
+| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
diff --git a/aws-observability-terraform/examples/appmodule/README.md b/aws-observability-terraform/examples/appmodule/README.md
index 647b7397..530ed2c4 100644
--- a/aws-observability-terraform/examples/appmodule/README.md
+++ b/aws-observability-terraform/examples/appmodule/README.md
@@ -12,14 +12,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.16.2 |
+| <a name="provider_time"></a> [time](#provider\_time) | 0.7.2 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
-| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
+| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ../../app-modules | n/a |
 
 ## Resources
 
@@ -30,7 +30,9 @@
 | [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbclusteridentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbinstanceidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
@@ -39,12 +41,33 @@
 | [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.topicname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityAlbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityApiGatewayCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityDynamoDBCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityEC2CloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityECSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElastiCacheCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityFieldExtractionRule](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityGenericCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityLambdaCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityRdsCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilitySNSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [time_sleep.wait_for_10_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_alb_monitors"></a> [alb\_monitors](#input\_alb\_monitors) | Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_apps_folder"></a> [apps\_folder](#input\_apps\_folder) | Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.<br>            Default value will be: AWS Observability Apps | `string` | `"AWS Observability Apps"` | no |
 | <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
+| <a name="input_ec2metrics_monitors"></a> [ec2metrics\_monitors](#input\_ec2metrics\_monitors) | Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_ecs_monitors"></a> [ecs\_monitors](#input\_ecs\_monitors) | Indicates if ECS Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_elasticache_monitors"></a> [elasticache\_monitors](#input\_elasticache\_monitors) | Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_monitors_folder"></a> [monitors\_folder](#input\_monitors\_folder) | Provide a folder name where all the monitors will be installed under Monitor Folder.<br>            Default value will be: AWS Observability Monitors | `string` | `"AWS Observability Monitors"` | no |
+| <a name="input_sumo_api_endpoint"></a> [sumo\_api\_endpoint](#input\_sumo\_api\_endpoint) | n/a | `string` | n/a | yes |
 | <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
@@ -56,5 +79,51 @@
 
 | Name | Description |
 |------|-------------|
-| <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
-| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
+| <a name="output_alb_apps_folder_id"></a> [alb\_apps\_folder\_id](#output\_alb\_apps\_folder\_id) | This output contains sumologic ALB apps folder. |
+| <a name="output_apigateway_apps_folder_id"></a> [apigateway\_apps\_folder\_id](#output\_apigateway\_apps\_folder\_id) | This output contains sumologic API Gateway apps folder. |
+| <a name="output_apps_folder_id"></a> [apps\_folder\_id](#output\_apps\_folder\_id) | This output contains sumologic apps folder. |
+| <a name="output_clb_apps_folder_id"></a> [clb\_apps\_folder\_id](#output\_clb\_apps\_folder\_id) | This output contains sumologic CLB apps folder. |
+| <a name="output_dynamodb_apps_folder_id"></a> [dynamodb\_apps\_folder\_id](#output\_dynamodb\_apps\_folder\_id) | This output contains sumologic DynamoDB apps folder. |
+| <a name="output_ec2CWmetrics_apps_folder_id"></a> [ec2CWmetrics\_apps\_folder\_id](#output\_ec2CWmetrics\_apps\_folder\_id) | This output contains sumologic EC2 CW metrics apps folder. |
+| <a name="output_ec2metrics_apps_folder_id"></a> [ec2metrics\_apps\_folder\_id](#output\_ec2metrics\_apps\_folder\_id) | This output contains sumologic EC2 host metrics apps folder. |
+| <a name="output_ecs_apps_folder_id"></a> [ecs\_apps\_folder\_id](#output\_ecs\_apps\_folder\_id) | This output contains sumologic ECS apps folder. |
+| <a name="output_elasticache_apps_folder_id"></a> [elasticache\_apps\_folder\_id](#output\_elasticache\_apps\_folder\_id) | This output contains sumologic ElastiCacheApp apps folder. |
+| <a name="output_hierarchy_id"></a> [hierarchy\_id](#output\_hierarchy\_id) | This output contains sumologic hierarchy id. |
+| <a name="output_lambda_apps_folder_id"></a> [lambda\_apps\_folder\_id](#output\_lambda\_apps\_folder\_id) | This output contains sumologic Lambda apps folder. |
+| <a name="output_monitors_folder_id"></a> [monitors\_folder\_id](#output\_monitors\_folder\_id) | This output contains sumologic monitors folder. |
+| <a name="output_nlb_apps_folder_id"></a> [nlb\_apps\_folder\_id](#output\_nlb\_apps\_folder\_id) | This output contains sumologic NLB apps folder. |
+| <a name="output_overview_apps_folder_id"></a> [overview\_apps\_folder\_id](#output\_overview\_apps\_folder\_id) | This output contains sumologic Overview apps folder. |
+| <a name="output_rds_apps_folder_id"></a> [rds\_apps\_folder\_id](#output\_rds\_apps\_folder\_id) | This output contains sumologic RDS apps folder. |
+| <a name="output_sns_apps_folder_id"></a> [sns\_apps\_folder\_id](#output\_sns\_apps\_folder\_id) | This output contains sumologic SNS apps folder. |
+| <a name="output_sumologic_field_account"></a> [sumologic\_field\_account](#output\_sumologic\_field\_account) | This output contains sumologic Account field id. |
+| <a name="output_sumologic_field_accountid"></a> [sumologic\_field\_accountid](#output\_sumologic\_field\_accountid) | This output contains sumologic accountid field id. |
+| <a name="output_sumologic_field_apiname"></a> [sumologic\_field\_apiname](#output\_sumologic\_field\_apiname) | This output contains sumologic apiname field id. |
+| <a name="output_sumologic_field_cacheclusterid"></a> [sumologic\_field\_cacheclusterid](#output\_sumologic\_field\_cacheclusterid) | This output contains sumologic cacheclusterid field id. |
+| <a name="output_sumologic_field_clustername"></a> [sumologic\_field\_clustername](#output\_sumologic\_field\_clustername) | This output contains sumologic clustername field id. |
+| <a name="output_sumologic_field_dbclusteridentifier"></a> [sumologic\_field\_dbclusteridentifier](#output\_sumologic\_field\_dbclusteridentifier) | This output contains sumologic dbclusteridentifier field id. |
+| <a name="output_sumologic_field_dbidentifier"></a> [sumologic\_field\_dbidentifier](#output\_sumologic\_field\_dbidentifier) | This output contains sumologic dbidentifier field id. |
+| <a name="output_sumologic_field_dbinstanceidentifier"></a> [sumologic\_field\_dbinstanceidentifier](#output\_sumologic\_field\_dbinstanceidentifier) | This output contains sumologic dbinstanceidentifier field id. |
+| <a name="output_sumologic_field_extraction_rule_alb"></a> [sumologic\_field\_extraction\_rule\_alb](#output\_sumologic\_field\_extraction\_rule\_alb) | This output contains sumologic ALB field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_apigateway"></a> [sumologic\_field\_extraction\_rule\_apigateway](#output\_sumologic\_field\_extraction\_rule\_apigateway) | This output contains sumologic API gateway field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_cw"></a> [sumologic\_field\_extraction\_rule\_cw](#output\_sumologic\_field\_extraction\_rule\_cw) | This output contains sumologic CloudWatch logs generic field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_dynamodb"></a> [sumologic\_field\_extraction\_rule\_dynamodb](#output\_sumologic\_field\_extraction\_rule\_dynamodb) | This output contains sumologic dynamoDB field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_ec2metrics"></a> [sumologic\_field\_extraction\_rule\_ec2metrics](#output\_sumologic\_field\_extraction\_rule\_ec2metrics) | This output contains sumologic EC2 field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_ecs"></a> [sumologic\_field\_extraction\_rule\_ecs](#output\_sumologic\_field\_extraction\_rule\_ecs) | This output contains sumologic ECS field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_elasticache"></a> [sumologic\_field\_extraction\_rule\_elasticache](#output\_sumologic\_field\_extraction\_rule\_elasticache) | This output contains sumologic Elasticache field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_elb"></a> [sumologic\_field\_extraction\_rule\_elb](#output\_sumologic\_field\_extraction\_rule\_elb) | This output contains sumologic CLB field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_lambda"></a> [sumologic\_field\_extraction\_rule\_lambda](#output\_sumologic\_field\_extraction\_rule\_lambda) | This output contains sumologic Lambda cloudtrail field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_lambda_cw"></a> [sumologic\_field\_extraction\_rule\_lambda\_cw](#output\_sumologic\_field\_extraction\_rule\_lambda\_cw) | This output contains sumologic Lambda cloudwatch field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_rds"></a> [sumologic\_field\_extraction\_rule\_rds](#output\_sumologic\_field\_extraction\_rule\_rds) | This output contains sumologic RDS field extraction rule id. |
+| <a name="output_sumologic_field_extraction_rule_sns"></a> [sumologic\_field\_extraction\_rule\_sns](#output\_sumologic\_field\_extraction\_rule\_sns) | This output contains sumologic SNS field extraction rule id. |
+| <a name="output_sumologic_field_functionname"></a> [sumologic\_field\_functionname](#output\_sumologic\_field\_functionname) | This output contains sumologic functionname field id. |
+| <a name="output_sumologic_field_instanceid"></a> [sumologic\_field\_instanceid](#output\_sumologic\_field\_instanceid) | This output contains sumologic instanceid field id. |
+| <a name="output_sumologic_field_loadbalancer"></a> [sumologic\_field\_loadbalancer](#output\_sumologic\_field\_loadbalancer) | This output contains sumologic loadbalancer field id. |
+| <a name="output_sumologic_field_loadbalancername"></a> [sumologic\_field\_loadbalancername](#output\_sumologic\_field\_loadbalancername) | This output contains sumologic loadbalancername field id. |
+| <a name="output_sumologic_field_namespace"></a> [sumologic\_field\_namespace](#output\_sumologic\_field\_namespace) | This output contains sumologic namespace field id. |
+| <a name="output_sumologic_field_networkloadbalancer"></a> [sumologic\_field\_networkloadbalancer](#output\_sumologic\_field\_networkloadbalancer) | This output contains sumologic networkloadbalancer field id. |
+| <a name="output_sumologic_field_region"></a> [sumologic\_field\_region](#output\_sumologic\_field\_region) | This output contains sumologic Region field id. |
+| <a name="output_sumologic_field_tablename"></a> [sumologic\_field\_tablename](#output\_sumologic\_field\_tablename) | This output contains sumologic tablename field id. |
+| <a name="output_sumologic_field_topicname"></a> [sumologic\_field\_topicname](#output\_sumologic\_field\_topicname) | This output contains sumologic topicname field id. |
+| <a name="output_sumologic_metric_rule_nlb"></a> [sumologic\_metric\_rule\_nlb](#output\_sumologic\_metric\_rule\_nlb) | This output contains sumologic NLB metric rule name. |
+| <a name="output_sumologic_metric_rule_rds_cluster"></a> [sumologic\_metric\_rule\_rds\_cluster](#output\_sumologic\_metric\_rule\_rds\_cluster) | This output contains sumologic RDS cluster metric rule name. |
+| <a name="output_sumologic_metric_rule_rds_instance"></a> [sumologic\_metric\_rule\_rds\_instance](#output\_sumologic\_metric\_rule\_rds\_instance) | This output contains sumologic RDS instance metric rule name. |
diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md b/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md
index 647b7397..72ac3e18 100644
--- a/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md
+++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md
@@ -12,14 +12,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.13.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | >= 0.7.1 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
-| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
+| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ../../../source-module | n/a |
 
 ## Resources
 
@@ -30,7 +30,9 @@
 | [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbclusteridentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbinstanceidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
@@ -39,12 +41,49 @@
 | [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.topicname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityAlbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityApiGatewayCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityDynamoDBCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityEC2CloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityECSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElastiCacheCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityFieldExtractionRule](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityGenericCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityLambdaCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityRdsCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilitySNSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [time_sleep.wait_for_10_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_alb_monitors"></a> [alb\_monitors](#input\_alb\_monitors) | Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_apps_folder"></a> [apps\_folder](#input\_apps\_folder) | Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.<br>            Default value will be: AWS Observability Apps | `string` | `"AWS Observability Apps"` | no |
 | <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
+| <a name="input_classic_lb_details"></a> [classic\_lb\_details](#input\_classic\_lb\_details) | Provide details for the Sumo Logic Classic Load Balancer source. If not provided, then defaults will be used.<br>            To enable collection of classic load balancer logs, set collect\_classic\_lb\_logs to true and provide configuration information for the bucket.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive Classic LB access logs. If this is blank, Sumo Logic will store logs in the path expression: *classicloadbalancing/AWSLogs/*/elasticloadbalancing/*/* | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "*classicloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/clb/logs",<br>  "source_name": "Classic lb Logs (Region)"<br>}</pre> | no |
+| <a name="input_collect_classic_lb"></a> [collect\_classic\_lb](#input\_collect\_classic\_lb) | Create a Sumo Logic Classic LB Logs Source.<br>            You have the following options:<br>			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects classic load balancer logs from an existing bucket or a new bucket.<br>			If true, please configure \"classic\_lb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.<br>			false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no |
+| <a name="input_collect_cloudtrail"></a> [collect\_cloudtrail](#input\_collect\_cloudtrail) | Create a Sumo Logic CloudTrail Logs Source.<br>            You have the following options:<br>			true - to ingest cloudtrail logs into Sumo Logic. Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.<br>			If true, please configure \"cloudtrail\_source\_details\" with configuration information to ingest cloudtrail logs.<br>			false - you are already ingesting cloudtrail logs into Sumo Logic. | `bool` | `true` | no |
+| <a name="input_collect_elb"></a> [collect\_elb](#input\_collect\_elb) | Create a Sumo Logic ALB Logs Source.<br>            You have the following options:<br>			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects application load balancer logs from an existing bucket or a new bucket.<br>			If true, please configure \"elb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.<br>			false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no |
+| <a name="input_collect_logs_cloudwatch"></a> [collect\_logs\_cloudwatch](#input\_collect\_logs\_cloudwatch) | Select the kind of Sumo Logic CloudWatch Logs Sources to create<br>            You have the following options:<br>            "Lambda Log Forwarder" - Creates a Sumo Logic CloudWatch Log Source that collects CloudWatch logs via a Lambda function.<br>            "Kinesis Firehose Log Source" - Creates a Sumo Logic Kinesis Firehose Log Source to collect CloudWatch logs.<br>            "None" - Skips installation of both sources. | `string` | `"Kinesis Firehose Log Source"` | no |
+| <a name="input_collect_metric_cloudwatch"></a> [collect\_metric\_cloudwatch](#input\_collect\_metric\_cloudwatch) | Select the kind of CloudWatch Metrics Source to create<br>            You have the following options:<br>            "CloudWatch Metrics Source" - Creates Sumo Logic AWS CloudWatch Metrics Sources.<br>            "Kinesis Firehose Metrics Source" (Recommended) - Creates a Sumo Logic AWS Kinesis Firehose for Metrics Source. Note: This new source has cost and performance benefits over the CloudWatch Metrics Source and is therefore recommended.<br>            "None" - Skips the Installation of both the Sumo Logic Metric Sources | `string` | `"Kinesis Firehose Metrics Source"` | no |
+| <a name="input_collect_rce"></a> [collect\_rce](#input\_collect\_rce) | Select the Sumo Logic Root Cause Explorer Source.<br>            You have the following options:<br>            Inventory Source - Creates a Sumo Logic Inventory Source used by Root Cause Explorer.<br>            Xray Source - Creates a Sumo Logic AWS X-Ray Source that collects X-Ray Trace Metrics from your AWS account.<br>            Both - Install both Inventory and Xray sources.<br>            None - Skips installation of both sources. | `string` | `"Both"` | no |
+| <a name="input_collector_id"></a> [collector\_id](#input\_collector\_id) | Required if you already have collector. | `string` | `""` | no |
+| <a name="input_create_collector"></a> [create\_collector](#input\_create\_collector) | Create a Sumo Logic Collector.<br>            You have the following options:<br>			true - If you want to create collector.<br>			false - If you already have a collector. | `bool` | `true` | no |
+| <a name="input_create_s3_bucket"></a> [create\_s3\_bucket](#input\_create\_s3\_bucket) | Create a AWS S3 bucket.<br>            You have the following options:<br>			true - If you want to create S3 bucket.<br>			false - If you already have a S3 bucket. | `bool` | `true` | no |
+| <a name="input_ec2metrics_monitors"></a> [ec2metrics\_monitors](#input\_ec2metrics\_monitors) | Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_ecs_monitors"></a> [ecs\_monitors](#input\_ecs\_monitors) | Indicates if ECS Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_elasticache_monitors"></a> [elasticache\_monitors](#input\_elasticache\_monitors) | Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_elb_details"></a> [elb\_details](#input\_elb\_details) | Provide details for the Sumo Logic ALB source. If not provided, then defaults will be used.<br>            To enable collection of application load balancer logs, set collect\_elb\_logs to true and provide configuration information for the bucket.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *elasticloadbalancing/AWSLogs/*/elasticloadbalancing/*/* | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "*elasticloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Application LoadBalancer logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/alb/logs",<br>  "source_name": "Elb Logs (Region)"<br>}</pre> | no |
+| <a name="input_executeTest1"></a> [executeTest1](#input\_executeTest1) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_executeTest2"></a> [executeTest2](#input\_executeTest2) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_executeTest3"></a> [executeTest3](#input\_executeTest3) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_executeTest4"></a> [executeTest4](#input\_executeTest4) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_monitors_folder"></a> [monitors\_folder](#input\_monitors\_folder) | Provide a folder name where all the monitors will be installed under Monitor Folder.<br>            Default value will be: AWS Observability Monitors | `string` | `"AWS Observability Monitors"` | no |
+| <a name="input_s3_name"></a> [s3\_name](#input\_s3\_name) | Required if you already have a S3 bucket. | `string` | `""` | no |
+| <a name="input_sumo_api_endpoint"></a> [sumo\_api\_endpoint](#input\_sumo\_api\_endpoint) | n/a | `string` | n/a | yes |
 | <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
@@ -56,5 +95,44 @@
 
 | Name | Description |
 |------|-------------|
-| <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
-| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
+| <a name="output_alb_auto_enable_stack"></a> [alb\_auto\_enable\_stack](#output\_alb\_auto\_enable\_stack) | This output contains ALB auto enable CloudFormation Name. |
+| <a name="output_alb_sns_sub"></a> [alb\_sns\_sub](#output\_alb\_sns\_sub) | This output contains ALB AWS SNS subscription arn. |
+| <a name="output_alb_sns_topic"></a> [alb\_sns\_topic](#output\_alb\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_aws_iam_role"></a> [aws\_iam\_role](#output\_aws\_iam\_role) | This output contains IAM role arn. |
+| <a name="output_aws_s3"></a> [aws\_s3](#output\_aws\_s3) | This output contains AWS S3 bucket name. |
+| <a name="output_aws_sns_topic"></a> [aws\_sns\_topic](#output\_aws\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_classic_lb_sns_sub"></a> [classic\_lb\_sns\_sub](#output\_classic\_lb\_sns\_sub) | This output contains Classic ELB AWS SNS subscription arn. |
+| <a name="output_classic_lb_sns_topic"></a> [classic\_lb\_sns\_topic](#output\_classic\_lb\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_clb_auto_enable_stack"></a> [clb\_auto\_enable\_stack](#output\_clb\_auto\_enable\_stack) | This output contains CLB auto enable CloudFormation Name. |
+| <a name="output_cloudtrail_sns_sub"></a> [cloudtrail\_sns\_sub](#output\_cloudtrail\_sns\_sub) | This output contains Cloudtrail AWS SNS subscription arn. |
+| <a name="output_cloudtrail_sns_topic"></a> [cloudtrail\_sns\_topic](#output\_cloudtrail\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_collection_folder_id"></a> [collection\_folder\_id](#output\_collection\_folder\_id) | This output contains sumologic Collections output. |
+| <a name="output_cw_logs_auto_enable_stack"></a> [cw\_logs\_auto\_enable\_stack](#output\_cw\_logs\_auto\_enable\_stack) | This output contains CloudWatch logs cloudFormation stack. |
+| <a name="output_cw_metrics_stream"></a> [cw\_metrics\_stream](#output\_cw\_metrics\_stream) | This output contains CloudWatch metrics stream Name. |
+| <a name="output_kf_logs_auto_enable_stack"></a> [kf\_logs\_auto\_enable\_stack](#output\_kf\_logs\_auto\_enable\_stack) | This output contains Kinesis Firehose for logs auto enable CloudFormation Name. |
+| <a name="output_kf_logs_stream"></a> [kf\_logs\_stream](#output\_kf\_logs\_stream) | This output contains Kinesis Firehose for logs stream Name. |
+| <a name="output_kf_metrics_stream"></a> [kf\_metrics\_stream](#output\_kf\_metrics\_stream) | This output contains Kinesis Firehose for metrics stream Name. |
+| <a name="output_log_forwarder_lambda_name"></a> [log\_forwarder\_lambda\_name](#output\_log\_forwarder\_lambda\_name) | This output contains Lambda logs forwarder Function Name. |
+| <a name="output_sumologic_classic_lb_source"></a> [sumologic\_classic\_lb\_source](#output\_sumologic\_classic\_lb\_source) | This output contains sumologic Classic ELB source id. |
+| <a name="output_sumologic_cloudtrail_source"></a> [sumologic\_cloudtrail\_source](#output\_sumologic\_cloudtrail\_source) | This output contains sumologic CloudTrail source id. |
+| <a name="output_sumologic_cloudwatch_logs_source"></a> [sumologic\_cloudwatch\_logs\_source](#output\_sumologic\_cloudwatch\_logs\_source) | This output contains sumologic CloudWatch log source id. |
+| <a name="output_sumologic_collector"></a> [sumologic\_collector](#output\_sumologic\_collector) | This output contains sumologic collector id. |
+| <a name="output_sumologic_elb_source"></a> [sumologic\_elb\_source](#output\_sumologic\_elb\_source) | This output contains sumologic ALB source id. |
+| <a name="output_sumologic_field_account"></a> [sumologic\_field\_account](#output\_sumologic\_field\_account) | This output contains sumologic Account field id. |
+| <a name="output_sumologic_field_accountid"></a> [sumologic\_field\_accountid](#output\_sumologic\_field\_accountid) | This output contains sumologic accountid field id. |
+| <a name="output_sumologic_field_apiname"></a> [sumologic\_field\_apiname](#output\_sumologic\_field\_apiname) | This output contains sumologic apiname field id. |
+| <a name="output_sumologic_field_cacheclusterid"></a> [sumologic\_field\_cacheclusterid](#output\_sumologic\_field\_cacheclusterid) | This output contains sumologic cacheclusterid field id. |
+| <a name="output_sumologic_field_clustername"></a> [sumologic\_field\_clustername](#output\_sumologic\_field\_clustername) | This output contains sumologic clustername field id. |
+| <a name="output_sumologic_field_dbidentifier"></a> [sumologic\_field\_dbidentifier](#output\_sumologic\_field\_dbidentifier) | This output contains sumologic dbidentifier field id. |
+| <a name="output_sumologic_field_functionname"></a> [sumologic\_field\_functionname](#output\_sumologic\_field\_functionname) | This output contains sumologic functionname field id. |
+| <a name="output_sumologic_field_instanceid"></a> [sumologic\_field\_instanceid](#output\_sumologic\_field\_instanceid) | This output contains sumologic instanceid field id. |
+| <a name="output_sumologic_field_loadbalancer"></a> [sumologic\_field\_loadbalancer](#output\_sumologic\_field\_loadbalancer) | This output contains sumologic loadbalancer field id. |
+| <a name="output_sumologic_field_loadbalancername"></a> [sumologic\_field\_loadbalancername](#output\_sumologic\_field\_loadbalancername) | This output contains sumologic loadbalancername field id. |
+| <a name="output_sumologic_field_namespace"></a> [sumologic\_field\_namespace](#output\_sumologic\_field\_namespace) | This output contains sumologic namespace field id. |
+| <a name="output_sumologic_field_networkloadbalancer"></a> [sumologic\_field\_networkloadbalancer](#output\_sumologic\_field\_networkloadbalancer) | This output contains sumologic networkloadbalancer field id. |
+| <a name="output_sumologic_field_region"></a> [sumologic\_field\_region](#output\_sumologic\_field\_region) | This output contains sumologic Region field id. |
+| <a name="output_sumologic_field_tablename"></a> [sumologic\_field\_tablename](#output\_sumologic\_field\_tablename) | This output contains sumologic tablename field id. |
+| <a name="output_sumologic_inventory_source"></a> [sumologic\_inventory\_source](#output\_sumologic\_inventory\_source) | This output contains sumologic aws inventory source id. |
+| <a name="output_sumologic_kinesis_firehose_for_logs_source"></a> [sumologic\_kinesis\_firehose\_for\_logs\_source](#output\_sumologic\_kinesis\_firehose\_for\_logs\_source) | This output contains sumologic kinesis firehose for logs source id. |
+| <a name="output_sumologic_kinesis_firehose_for_metrics_source"></a> [sumologic\_kinesis\_firehose\_for\_metrics\_source](#output\_sumologic\_kinesis\_firehose\_for\_metrics\_source) | This output contains sumologic kinesis firehose for metrics source id. |
+| <a name="output_sumologic_xray_source"></a> [sumologic\_xray\_source](#output\_sumologic\_xray\_source) | This output contains sumologic aws xray source id. |
diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/README.md b/aws-observability-terraform/examples/sourcemodule/testSource/README.md
index 647b7397..9efa8077 100644
--- a/aws-observability-terraform/examples/sourcemodule/testSource/README.md
+++ b/aws-observability-terraform/examples/sourcemodule/testSource/README.md
@@ -12,14 +12,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | 2.13.0 |
+| <a name="provider_sumologic"></a> [sumologic](#provider\_sumologic) | >= 2.13.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | >= 0.7.1 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ./source-module | n/a |
-| <a name="module_sumo-module"></a> [sumo-module](#module\_sumo-module) | ./app-modules | n/a |
+| <a name="module_collection-module"></a> [collection-module](#module\_collection-module) | ../../../source-module | n/a |
 
 ## Resources
 
@@ -30,7 +30,9 @@
 | [sumologic_field.apiname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.cacheclusterid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.clustername](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbclusteridentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.dbidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.dbinstanceidentifier](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.functionname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.instanceid](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.loadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
@@ -39,12 +41,49 @@
 | [sumologic_field.networkloadbalancer](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.region](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
 | [sumologic_field.tablename](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field.topicname](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityAlbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityApiGatewayCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityDynamoDBCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityEC2CloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityECSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElastiCacheCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityElbAccessLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityFieldExtractionRule](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityGenericCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityLambdaCloudWatchLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilityRdsCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [sumologic_field_extraction_rule.AwsObservabilitySNSCloudTrailLogsFER](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/field_extraction_rule) | resource |
+| [time_sleep.wait_for_10_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_alb_monitors"></a> [alb\_monitors](#input\_alb\_monitors) | Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_apps_folder"></a> [apps\_folder](#input\_apps\_folder) | Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.<br>            Default value will be: AWS Observability Apps | `string` | `"AWS Observability Apps"` | no |
 | <a name="input_aws_account_alias"></a> [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.<br>            If you are going to deploy the solution in multiple AWS accounts then this value has to be overidden at main.tf file.<br>            Do not include special characters in the alias. | `string` | n/a | yes |
+| <a name="input_classic_lb_details"></a> [classic\_lb\_details](#input\_classic\_lb\_details) | Provide details for the Sumo Logic Classic Load Balancer source. If not provided, then defaults will be used.<br>            To enable collection of classic load balancer logs, set collect\_classic\_lb\_logs to true and provide configuration information for the bucket.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive Classic LB access logs. If this is blank, Sumo Logic will store logs in the path expression: *classicloadbalancing/AWSLogs/*/elasticloadbalancing/*/* | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "*classicloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/clb/logs",<br>  "source_name": "Classic lb Logs (Region)"<br>}</pre> | no |
+| <a name="input_collect_classic_lb"></a> [collect\_classic\_lb](#input\_collect\_classic\_lb) | Create a Sumo Logic Classic LB Logs Source.<br>            You have the following options:<br>			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects classic load balancer logs from an existing bucket or a new bucket.<br>			If true, please configure \"classic\_lb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.<br>			false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no |
+| <a name="input_collect_cloudtrail"></a> [collect\_cloudtrail](#input\_collect\_cloudtrail) | Create a Sumo Logic CloudTrail Logs Source.<br>            You have the following options:<br>			true - to ingest cloudtrail logs into Sumo Logic. Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.<br>			If true, please configure \"cloudtrail\_source\_details\" with configuration information to ingest cloudtrail logs.<br>			false - you are already ingesting cloudtrail logs into Sumo Logic. | `bool` | `true` | no |
+| <a name="input_collect_elb"></a> [collect\_elb](#input\_collect\_elb) | Create a Sumo Logic ALB Logs Source.<br>            You have the following options:<br>			true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects application load balancer logs from an existing bucket or a new bucket.<br>			If true, please configure \"elb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.<br>			false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no |
+| <a name="input_collect_logs_cloudwatch"></a> [collect\_logs\_cloudwatch](#input\_collect\_logs\_cloudwatch) | Select the kind of Sumo Logic CloudWatch Logs Sources to create<br>            You have the following options:<br>            "Lambda Log Forwarder" - Creates a Sumo Logic CloudWatch Log Source that collects CloudWatch logs via a Lambda function.<br>            "Kinesis Firehose Log Source" - Creates a Sumo Logic Kinesis Firehose Log Source to collect CloudWatch logs.<br>            "None" - Skips installation of both sources. | `string` | `"Kinesis Firehose Log Source"` | no |
+| <a name="input_collect_metric_cloudwatch"></a> [collect\_metric\_cloudwatch](#input\_collect\_metric\_cloudwatch) | Select the kind of CloudWatch Metrics Source to create<br>            You have the following options:<br>            "CloudWatch Metrics Source" - Creates Sumo Logic AWS CloudWatch Metrics Sources.<br>            "Kinesis Firehose Metrics Source" (Recommended) - Creates a Sumo Logic AWS Kinesis Firehose for Metrics Source. Note: This new source has cost and performance benefits over the CloudWatch Metrics Source and is therefore recommended.<br>            "None" - Skips the Installation of both the Sumo Logic Metric Sources | `string` | `"Kinesis Firehose Metrics Source"` | no |
+| <a name="input_collect_rce"></a> [collect\_rce](#input\_collect\_rce) | Select the Sumo Logic Root Cause Explorer Source.<br>            You have the following options:<br>            Inventory Source - Creates a Sumo Logic Inventory Source used by Root Cause Explorer.<br>            Xray Source - Creates a Sumo Logic AWS X-Ray Source that collects X-Ray Trace Metrics from your AWS account.<br>            Both - Install both Inventory and Xray sources.<br>            None - Skips installation of both sources. | `string` | `"Both"` | no |
+| <a name="input_collector_id"></a> [collector\_id](#input\_collector\_id) | Required if you already have collector. | `string` | `""` | no |
+| <a name="input_create_collector"></a> [create\_collector](#input\_create\_collector) | Create a Sumo Logic Collector.<br>            You have the following options:<br>			true - If you want to create collector.<br>			false - If you already have a collector. | `bool` | `true` | no |
+| <a name="input_create_s3_bucket"></a> [create\_s3\_bucket](#input\_create\_s3\_bucket) | Create a AWS S3 bucket.<br>            You have the following options:<br>			true - If you want to create S3 bucket.<br>			false - If you already have a S3 bucket. | `bool` | `true` | no |
+| <a name="input_ec2metrics_monitors"></a> [ec2metrics\_monitors](#input\_ec2metrics\_monitors) | Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_ecs_monitors"></a> [ecs\_monitors](#input\_ecs\_monitors) | Indicates if ECS Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_elasticache_monitors"></a> [elasticache\_monitors](#input\_elasticache\_monitors) | Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no |
+| <a name="input_elb_details"></a> [elb\_details](#input\_elb\_details) | Provide details for the Sumo Logic ALB source. If not provided, then defaults will be used.<br>            To enable collection of application load balancer logs, set collect\_elb\_logs to true and provide configuration information for the bucket.<br>            If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.<br>            If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.<br>            path\_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *elasticloadbalancing/AWSLogs/*/elasticloadbalancing/*/* | <pre>object({<br>    source_name     = string<br>    source_category = string<br>    description     = string<br>    bucket_details = object({<br>      create_bucket        = bool<br>      bucket_name          = string<br>      path_expression      = string<br>      force_destroy_bucket = bool<br>    })<br>    fields = map(string)<br>  })</pre> | <pre>{<br>  "bucket_details": {<br>    "bucket_name": "aws-observability-random-id",<br>    "create_bucket": true,<br>    "force_destroy_bucket": true,<br>    "path_expression": "*elasticloadbalancing/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION-NAME>/*"<br>  },<br>  "description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Application LoadBalancer logs.",<br>  "fields": {},<br>  "source_category": "aws/observability/alb/logs",<br>  "source_name": "Elb Logs (Region)"<br>}</pre> | no |
+| <a name="input_executeTest1"></a> [executeTest1](#input\_executeTest1) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_executeTest2"></a> [executeTest2](#input\_executeTest2) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_executeTest3"></a> [executeTest3](#input\_executeTest3) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_executeTest4"></a> [executeTest4](#input\_executeTest4) | True - If you want to execute this TestCase | `bool` | `false` | no |
+| <a name="input_monitors_folder"></a> [monitors\_folder](#input\_monitors\_folder) | Provide a folder name where all the monitors will be installed under Monitor Folder.<br>            Default value will be: AWS Observability Monitors | `string` | `"AWS Observability Monitors"` | no |
+| <a name="input_s3_name"></a> [s3\_name](#input\_s3\_name) | Required if you already have a S3 bucket. | `string` | `""` | no |
+| <a name="input_sumo_api_endpoint"></a> [sumo\_api\_endpoint](#input\_sumo\_api\_endpoint) | n/a | `string` | n/a | yes |
 | <a name="input_sumologic_access_id"></a> [sumologic\_access\_id](#input\_sumologic\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_access_key"></a> [sumologic\_access\_key](#input\_sumologic\_access\_key) | Sumo Logic Access Key. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes |
 | <a name="input_sumologic_environment"></a> [sumologic\_environment](#input\_sumologic\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes |
@@ -56,5 +95,45 @@
 
 | Name | Description |
 |------|-------------|
-| <a name="output_Apps"></a> [Apps](#output\_Apps) | All outputs related to apps. |
-| <a name="output_Collection"></a> [Collection](#output\_Collection) | All outputs related to collection and sources. |
\ No newline at end of file
+| <a name="output_alb_auto_enable_stack"></a> [alb\_auto\_enable\_stack](#output\_alb\_auto\_enable\_stack) | This output contains ALB auto enable CloudFormation Name. |
+| <a name="output_alb_sns_sub"></a> [alb\_sns\_sub](#output\_alb\_sns\_sub) | This output contains ALB AWS SNS subscription arn. |
+| <a name="output_alb_sns_topic"></a> [alb\_sns\_topic](#output\_alb\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_aws_cloudtrail_name"></a> [aws\_cloudtrail\_name](#output\_aws\_cloudtrail\_name) | This output contains CloudTrail Name. |
+| <a name="output_aws_iam_role"></a> [aws\_iam\_role](#output\_aws\_iam\_role) | This output contains IAM role arn. |
+| <a name="output_aws_s3"></a> [aws\_s3](#output\_aws\_s3) | This output contains AWS S3 bucket name. |
+| <a name="output_aws_sns_topic"></a> [aws\_sns\_topic](#output\_aws\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_classic_lb_sns_sub"></a> [classic\_lb\_sns\_sub](#output\_classic\_lb\_sns\_sub) | This output contains Classic ELB AWS SNS subscription arn. |
+| <a name="output_classic_lb_sns_topic"></a> [classic\_lb\_sns\_topic](#output\_classic\_lb\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_clb_auto_enable_stack"></a> [clb\_auto\_enable\_stack](#output\_clb\_auto\_enable\_stack) | This output contains CLB auto enable CloudFormation Name. |
+| <a name="output_cloudtrail_sns_sub"></a> [cloudtrail\_sns\_sub](#output\_cloudtrail\_sns\_sub) | This output contains Cloudtrail AWS SNS subscription arn. |
+| <a name="output_cloudtrail_sns_topic"></a> [cloudtrail\_sns\_topic](#output\_cloudtrail\_sns\_topic) | This output contains AWS SNS topic arn. |
+| <a name="output_collection_folder_id"></a> [collection\_folder\_id](#output\_collection\_folder\_id) | This output contains sumologic Collections output. |
+| <a name="output_cw_logs_auto_enable_stack"></a> [cw\_logs\_auto\_enable\_stack](#output\_cw\_logs\_auto\_enable\_stack) | This output contains CloudWatch logs cloudFormation stack. |
+| <a name="output_cw_metrics_stream"></a> [cw\_metrics\_stream](#output\_cw\_metrics\_stream) | This output contains CloudWatch metrics stream Name. |
+| <a name="output_kf_logs_auto_enable_stack"></a> [kf\_logs\_auto\_enable\_stack](#output\_kf\_logs\_auto\_enable\_stack) | This output contains Kinesis Firehose for logs auto enable CloudFormation Name. |
+| <a name="output_kf_logs_stream"></a> [kf\_logs\_stream](#output\_kf\_logs\_stream) | This output contains Kinesis Firehose for logs stream Name. |
+| <a name="output_kf_metrics_stream"></a> [kf\_metrics\_stream](#output\_kf\_metrics\_stream) | This output contains Kinesis Firehose for metrics stream Name. |
+| <a name="output_log_forwarder_lambda_name"></a> [log\_forwarder\_lambda\_name](#output\_log\_forwarder\_lambda\_name) | This output contains Lambda logs forwarder Function Name. |
+| <a name="output_sumologic_classic_lb_source"></a> [sumologic\_classic\_lb\_source](#output\_sumologic\_classic\_lb\_source) | This output contains sumologic Classic ELB source id. |
+| <a name="output_sumologic_cloudtrail_source"></a> [sumologic\_cloudtrail\_source](#output\_sumologic\_cloudtrail\_source) | This output contains sumologic CloudTrail source id. |
+| <a name="output_sumologic_cloudwatch_logs_source"></a> [sumologic\_cloudwatch\_logs\_source](#output\_sumologic\_cloudwatch\_logs\_source) | This output contains sumologic CloudWatch log source id. |
+| <a name="output_sumologic_collector"></a> [sumologic\_collector](#output\_sumologic\_collector) | This output contains sumologic collector id. |
+| <a name="output_sumologic_elb_source"></a> [sumologic\_elb\_source](#output\_sumologic\_elb\_source) | This output contains sumologic ALB source id. |
+| <a name="output_sumologic_field_account"></a> [sumologic\_field\_account](#output\_sumologic\_field\_account) | This output contains sumologic Account field id. |
+| <a name="output_sumologic_field_accountid"></a> [sumologic\_field\_accountid](#output\_sumologic\_field\_accountid) | This output contains sumologic accountid field id. |
+| <a name="output_sumologic_field_apiname"></a> [sumologic\_field\_apiname](#output\_sumologic\_field\_apiname) | This output contains sumologic apiname field id. |
+| <a name="output_sumologic_field_cacheclusterid"></a> [sumologic\_field\_cacheclusterid](#output\_sumologic\_field\_cacheclusterid) | This output contains sumologic cacheclusterid field id. |
+| <a name="output_sumologic_field_clustername"></a> [sumologic\_field\_clustername](#output\_sumologic\_field\_clustername) | This output contains sumologic clustername field id. |
+| <a name="output_sumologic_field_dbidentifier"></a> [sumologic\_field\_dbidentifier](#output\_sumologic\_field\_dbidentifier) | This output contains sumologic dbidentifier field id. |
+| <a name="output_sumologic_field_functionname"></a> [sumologic\_field\_functionname](#output\_sumologic\_field\_functionname) | This output contains sumologic functionname field id. |
+| <a name="output_sumologic_field_instanceid"></a> [sumologic\_field\_instanceid](#output\_sumologic\_field\_instanceid) | This output contains sumologic instanceid field id. |
+| <a name="output_sumologic_field_loadbalancer"></a> [sumologic\_field\_loadbalancer](#output\_sumologic\_field\_loadbalancer) | This output contains sumologic loadbalancer field id. |
+| <a name="output_sumologic_field_loadbalancername"></a> [sumologic\_field\_loadbalancername](#output\_sumologic\_field\_loadbalancername) | This output contains sumologic loadbalancername field id. |
+| <a name="output_sumologic_field_namespace"></a> [sumologic\_field\_namespace](#output\_sumologic\_field\_namespace) | This output contains sumologic namespace field id. |
+| <a name="output_sumologic_field_networkloadbalancer"></a> [sumologic\_field\_networkloadbalancer](#output\_sumologic\_field\_networkloadbalancer) | This output contains sumologic networkloadbalancer field id. |
+| <a name="output_sumologic_field_region"></a> [sumologic\_field\_region](#output\_sumologic\_field\_region) | This output contains sumologic Region field id. |
+| <a name="output_sumologic_field_tablename"></a> [sumologic\_field\_tablename](#output\_sumologic\_field\_tablename) | This output contains sumologic tablename field id. |
+| <a name="output_sumologic_inventory_source"></a> [sumologic\_inventory\_source](#output\_sumologic\_inventory\_source) | This output contains sumologic aws inventory source id. |
+| <a name="output_sumologic_kinesis_firehose_for_logs_source"></a> [sumologic\_kinesis\_firehose\_for\_logs\_source](#output\_sumologic\_kinesis\_firehose\_for\_logs\_source) | This output contains sumologic kinesis firehose for logs source id. |
+| <a name="output_sumologic_kinesis_firehose_for_metrics_source"></a> [sumologic\_kinesis\_firehose\_for\_metrics\_source](#output\_sumologic\_kinesis\_firehose\_for\_metrics\_source) | This output contains sumologic kinesis firehose for metrics source id. |
+| <a name="output_sumologic_xray_source"></a> [sumologic\_xray\_source](#output\_sumologic\_xray\_source) | This output contains sumologic aws xray source id. |

From 967d8b72256b694a3063df20bad48ec37413c4f6 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Mon, 18 Jul 2022 16:12:35 +0530
Subject: [PATCH 73/82] SNS_App

---
 .../app-modules/variables.tf                  |   4 +-
 aws-observability/json/Alerts-App.json        |  82 ++---
 aws-observability/json/Sns-App.json           | 317 ++++++++----------
 3 files changed, 187 insertions(+), 216 deletions(-)

diff --git a/aws-observability-terraform/app-modules/variables.tf b/aws-observability-terraform/app-modules/variables.tf
index b8dfc795..7e6d6b2e 100644
--- a/aws-observability-terraform/app-modules/variables.tf
+++ b/aws-observability-terraform/app-modules/variables.tf
@@ -49,7 +49,7 @@ variable "apps_folder_name" {
             Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
             Default value will be: AWS Observability Apps
         EOT
-  default     = "AWS Observability Apps"
+  default     = "AWS Observability Apps TF"
 }
 
 variable "parent_folder_id" {
@@ -64,7 +64,7 @@ variable "monitors_folder_name" {
             Provide a folder name where all the monitors will be installed under Monitor Folder.
             Default value will be: AWS Observability Monitors
         EOT
-  default     = "AWS Observability Monitors"
+  default     = "AWS Observability Monitors TF"
 }
 
 variable "connection_notifications" {
diff --git a/aws-observability/json/Alerts-App.json b/aws-observability/json/Alerts-App.json
index bcf8cc56..19bf1ed2 100644
--- a/aws-observability/json/Alerts-App.json
+++ b/aws-observability/json/Alerts-App.json
@@ -1074,6 +1074,47 @@
       "playbook": "",
       "sloId": null
     },
+    {
+      "name": "AWS SNS - Failed Notifications",
+      "description": "This alert fires where there are many failed notifications (>2) within an interval of 5 minutes.",
+      "type": "MonitorsLibraryMonitorExport",
+      "monitorType": "Metrics",
+      "evaluationDelay": "0m",
+      "alertName": null,
+      "runAs": null,
+      "notificationGroupFields": [],
+      "queries": [
+        {
+          "rowId": "A",
+          "query": "account=* region=* namespace=aws/sns TopicName=* metric=NumberOfNotificationsFailed Statistic=Sum | sum by account, region, TopicName"
+        }
+      ],
+      "triggers": [
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "Critical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 2,
+          "thresholdType": "GreaterThan",
+          "occurrenceType": "Always"
+        },
+        {
+          "detectionMethod": "MetricsStaticCondition",
+          "triggerType": "ResolvedCritical",
+          "resolutionWindow": null,
+          "timeRange": "-5m",
+          "threshold": 2,
+          "thresholdType": "LessThanOrEqual",
+          "occurrenceType": "Always"
+        }
+      ],
+      "notifications": [],
+      "isDisabled": true,
+      "groupNotifications": true,
+      "playbook": "",
+      "sloId": null
+    },
     {
       "name": "AWS SNS - Failed Events",
       "description": "This alert fires when an SNS app has high number of  failed events (>5) within last 5 minutes",
@@ -1843,47 +1884,6 @@
       "playbook": "",
       "sloId": null
     },
-    {
-      "name": "AWS SNS - Failed Notifications",
-      "description": "This alert fires where there are many failed notifications (>=5) within an interval of 5 minutes.",
-      "type": "MonitorsLibraryMonitorExport",
-      "monitorType": "Metrics",
-      "evaluationDelay": "0m",
-      "alertName": null,
-      "runAs": null,
-      "notificationGroupFields": [],
-      "queries": [
-        {
-          "rowId": "A",
-          "query": "account=* region=* namespace=aws/sns TopicName=* metric=NumberOfNotificationsFailed Statistic=Sum | sum by account, region, TopicName"
-        }
-      ],
-      "triggers": [
-        {
-          "detectionMethod": "MetricsStaticCondition",
-          "triggerType": "Critical",
-          "resolutionWindow": null,
-          "timeRange": "-5m",
-          "threshold": 5,
-          "thresholdType": "GreaterThanOrEqual",
-          "occurrenceType": "Always"
-        },
-        {
-          "detectionMethod": "MetricsStaticCondition",
-          "triggerType": "ResolvedCritical",
-          "resolutionWindow": null,
-          "timeRange": "-5m",
-          "threshold": 5,
-          "thresholdType": "LessThan",
-          "occurrenceType": "Always"
-        }
-      ],
-      "notifications": [],
-      "isDisabled": true,
-      "groupNotifications": true,
-      "playbook": "",
-      "sloId": null
-    },
     {
       "name": "AWS Application Load Balancer - High 5XX Errors",
       "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
diff --git a/aws-observability/json/Sns-App.json b/aws-observability/json/Sns-App.json
index 40aaeedc..ff41727f 100644
--- a/aws-observability/json/Sns-App.json
+++ b/aws-observability/json/Sns-App.json
@@ -1,6 +1,6 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "AWS - SNS",
+    "name": "AWS SNS",
     "description": "The Sumo Logic App for Amazon SNS is a unified logs and metrics App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.",
     "children": [
         {
@@ -39,71 +39,63 @@
                 "layoutStructures": [
                     {
                         "key": "panel82FC587B9BACF941",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":21}"
                     },
                     {
                         "key": "panelPANE-A3ADC6ED8EDF2B4C",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":0,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":5,\"x\":0,\"y\":0}"
                     },
                     {
                         "key": "panel1FA1906D834C9B46",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":8,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":5,\"x\":10,\"y\":0}"
                     },
                     {
                         "key": "panel815D399A933C5940",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":12,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":5,\"x\":15,\"y\":0}"
                     },
                     {
                         "key": "panel81AC01C88E6C8B46",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":21}"
                     },
                     {
                         "key": "panel5DD1E582BAA4A84F",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":27}"
                     },
                     {
                         "key": "panel71CB92F989A1D84E",
-                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}"
+                        "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":27}"
                     },
                     {
                         "key": "panel27A5906DA65FE84B",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":4,\"y\":0}"
+                        "structure": "{\"height\":4,\"width\":5,\"x\":5,\"y\":0}"
                     },
                     {
                         "key": "panel99D65C5790DDC84F",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":16,\"y\":0}"
-                    },
-                    {
-                        "key": "panel7A322D0F90151B43",
                         "structure": "{\"height\":4,\"width\":4,\"x\":20,\"y\":0}"
                     },
                     {
-                        "key": "panelA614CFEEBC15684C",
-                        "structure": "{\"height\":4,\"width\":3,\"x\":12,\"y\":4}"
-                    },
-                    {
-                        "key": "panel414125AAA91E8849",
-                        "structure": "{\"height\":4,\"width\":3,\"x\":15,\"y\":4}"
+                        "key": "panel53EF06C4A2B08A4A",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":4}"
                     },
                     {
-                        "key": "panel3A4637E1B0D62947",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":4,\"y\":4}"
+                        "key": "panel9B5290EA9C1C1849",
+                        "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":9}"
                     },
                     {
-                        "key": "panel795D287F84AD4B47",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":8,\"y\":4}"
+                        "key": "panel8197657DAE4A394C",
+                        "structure": "{\"height\":10,\"width\":20,\"x\":4,\"y\":4}"
                     },
                     {
-                        "key": "panel8FAE4AE5AB220B45",
-                        "structure": "{\"height\":4,\"width\":4,\"x\":0,\"y\":4}"
+                        "key": "panelEC8A062C923DBA4E",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":14}"
                     },
                     {
-                        "key": "panel53EF06C4A2B08A4A",
-                        "structure": "{\"height\":4,\"width\":3,\"x\":18,\"y\":4}"
+                        "key": "panel8DF75C14B6BC3A49",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":14}"
                     },
                     {
-                        "key": "panel9B5290EA9C1C1849",
-                        "structure": "{\"height\":4,\"width\":3,\"x\":21,\"y\":4}"
+                        "key": "panel0344AFB8A76FF84C",
+                        "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":14}"
                     }
                 ]
             },
@@ -112,13 +104,13 @@
                     "id": null,
                     "key": "panel82FC587B9BACF941",
                     "title": "Message Publish Size (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"hiddenQueryKeys\":[],\"overrides\":[{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"D\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"E\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size (Bytes)\"},\"axisX\":{\"title\":\"\"}}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"hiddenQueryKeys\":[],\"overrides\":[{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"D\"],\"properties\":{\"type\":\"line\",\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"E\"],\"properties\":{\"type\":\"line\",\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg ",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
@@ -246,13 +238,13 @@
                     "id": null,
                     "key": "panel81AC01C88E6C8B46",
                     "title": "Messages Published (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Messages\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Messages\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -299,13 +291,13 @@
                     "id": null,
                     "key": "panel5DD1E582BAA4A84F",
                     "title": "Notifications Delivered (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -352,13 +344,13 @@
                     "id": null,
                     "key": "panel71CB92F989A1D84E",
                     "title": "Notifications Failed (Today, Yesterday, Last Week) ",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"name\":\"Today, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"name\":\"Yesterday, {{TopicName}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"name\":\"Last Week, {{TopicName}}\"}}],\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"type\":\"line\",\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"type\":\"line\",\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"line\",\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -483,15 +475,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel7A322D0F90151B43",
-                    "title": "Delivery Rate",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Average\",\"label\":\"%\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#6cae01\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false},\"hiddenQueryKeys\":[\"A\",\"B\"]}",
+                    "key": "panel53EF06C4A2B08A4A",
+                    "title": "SMS Success Rate",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"SMS\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum \n\n",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SMSSuccessRate Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -501,32 +493,6 @@
                             "parseMode": "Auto",
                             "timeSource": "Message",
                             "outputCardinalityLimit": 1000
-                        },
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum \n",
-                            "queryType": "Metrics",
-                            "queryKey": "B",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        },
-                        {
-                            "transient": false,
-                            "queryString": "#A/(#A+#B)*100",
-                            "queryType": "Metrics",
-                            "queryKey": "C",
-                            "metricsQueryMode": "Advanced",
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -536,15 +502,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panelA614CFEEBC15684C",
-                    "title": "Notifications Redriven To Dlq",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "key": "panel9B5290EA9C1C1849",
+                    "title": "SMS Month To Date Spent USD",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"USD\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsRedrivenToDlq Statistic=Sum | sum",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SMSMonthToDateSpentUSD Statistic=Sum | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -563,15 +529,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel414125AAA91E8849",
-                    "title": "Notifications Failed to Redrive to Dlq",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "key": "panel8197657DAE4A394C",
+                    "title": "Notifications Detail",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"Notifications\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"NumberOfNotifications\"},\"axisY2\":{\"title\":\"\",\"unit\":{\"value\":\"\",\"isCustom\":false}}},\"series\":{},\"hiddenQueryKeys\":[],\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"NotificationsFilteredOut\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"NotificationsFilteredOut-InvalidAttributes\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"NotificationsFilteredOut-NoMessageAttributes \"}},{\"series\":[],\"queries\":[\"D\"],\"properties\":{\"name\":\"NotificationsRedrivenToDlq\"}},{\"series\":[],\"queries\":[\"E\"],\"properties\":{\"name\":\"NotificationsFailedToRedriveToDlq\"}}],\"general\":{\"type\":\"bar\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"color\":{\"family\":\"Categorical Default\"},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailedToRedriveToDlq Statistic=Sum | sum ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut Statistic=Sum | sum by metric",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -581,26 +547,12 @@
                             "parseMode": "Auto",
                             "timeSource": "Message",
                             "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel3A4637E1B0D62947",
-                    "title": "Notifications Filtered Out-InvalidAttributes",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
+                        },
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut-InvalidAttributes Statistic=Sum | sum ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut-InvalidAttributes Statistic=Sum | sum by metric",
                             "queryType": "Metrics",
-                            "queryKey": "A",
+                            "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
@@ -608,26 +560,38 @@
                             "parseMode": "Auto",
                             "timeSource": "Message",
                             "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel795D287F84AD4B47",
-                    "title": "Notifications Filtered Out- No Message Attributes",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
+                        },
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut-NoMessageAttributes   Statistic=Sum | sum ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut-NoMessageAttributes   Statistic=Sum | sum by metric",
                             "queryType": "Metrics",
-                            "queryKey": "A",
+                            "queryKey": "C",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsRedrivenToDlq Statistic=Sum | sum by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "D",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        },
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailedToRedriveToDlq Statistic=Sum | sum by metric",
+                            "queryType": "Metrics",
+                            "queryKey": "E",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
@@ -644,15 +608,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel8FAE4AE5AB220B45",
-                    "title": "Notifications Filtered Out",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Notifications\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#6cae01\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "key": "panelEC8A062C923DBA4E",
+                    "title": "Top 10 Active Topics by Messages Published",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"TopicName\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"NumberOfMessagesPublished\"}},\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"color\":{\"family\":\"Categorical Light\"},\"legend\":{\"enabled\":false},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFilteredOut Statistic=Sum | sum ",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum by metric , TopicName | topk (10, sum)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -671,15 +635,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel53EF06C4A2B08A4A",
-                    "title": "SMS Success Rate",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"SMS\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "key": "panel8DF75C14B6BC3A49",
+                    "title": "Top 10 Active Topics by Notifications Failed",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"TopicName\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"NumberOfNotificationsFailed\"}},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{}}],\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"color\":{\"family\":\"Categorical Light\"},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SMSSuccessRate Statistic=Sum | sum",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by metric , TopicName | topk (10, sum)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -698,15 +662,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel9B5290EA9C1C1849",
-                    "title": "SMS Month To Date Spent USD",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"USD\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
+                    "key": "panel0344AFB8A76FF84C",
+                    "title": "Top 10 Active Topics by Notifications Delivered",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"TopicName\"},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"title\":\"NumberOfNotificationsDelivered\"}},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{}}],\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\",\"aggregationType\":\"sum\"},\"color\":{\"family\":\"Categorical Light\"},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} metric=SMSMonthToDateSpentUSD Statistic=Sum | sum",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by metric , TopicName | topk (10, sum)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -821,7 +785,7 @@
                 "layoutStructures": [
                     {
                         "key": "panel40B571E3A8CF694E",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}"
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":13}"
                     },
                     {
                         "key": "panel93252B51B57EDB4D",
@@ -845,15 +809,15 @@
                     },
                     {
                         "key": "panel6BF3727D86A0E949",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}"
+                        "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":22}"
                     },
                     {
                         "key": "panelCB717EB5B480A948",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}"
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":22}"
                     },
                     {
                         "key": "panel5C761868A14A7B40",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}"
+                        "structure": "{\"height\":9,\"width\":12,\"x\":12,\"y\":13}"
                     },
                     {
                         "key": "panel2C1AFF3CADD60947",
@@ -874,13 +838,13 @@
                     "id": null,
                     "key": "panel40B571E3A8CF694E",
                     "title": "Messages Published (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Messages\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Messages\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}}  metric=NumberOfMessagesPublished Statistic=Sum | sum by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}}  metric=NumberOfMessagesPublished Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -953,7 +917,7 @@
                 {
                     "id": null,
                     "key": "panel246853BDA98F894A",
-                    "title": "Failed Events",
+                    "title": "Error Events",
                     "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"svp\",\"displayType\":\"default\",\"mode\":\"singleValueMetrics\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"0\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":1,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -1034,8 +998,8 @@
                 {
                     "id": null,
                     "key": "panel9CBE3510857A6845",
-                    "title": "Events by User",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"user\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "title": "Events by Users and Types",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"title\":\"User\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event Types\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Light\"},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1062,13 +1026,13 @@
                     "id": null,
                     "key": "panel6BF3727D86A0E949",
                     "title": "Notifications Delivered (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"aggregationType\":\"avg\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -1115,13 +1079,13 @@
                     "id": null,
                     "key": "panelCB717EB5B480A948",
                     "title": "Notifications Failed (Today, Yesterday, Last Week) ",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today \"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"color\":\"#50caf2\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Notifications\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfNotificationsFailed Statistic=Sum | sum ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -1168,13 +1132,13 @@
                     "id": null,
                     "key": "panel5C761868A14A7B40",
                     "title": "Message Publish Size (Today, Yesterday, Last Week)",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size\"},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\"},\"series\":{},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"color\":\"#6fb9d1\",\"name\":\"Today\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"color\":\"#f0731f\",\"name\":\"Yesterday\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"color\":\"#4f3aab\",\"name\":\"Last Week\"}}],\"axes\":{\"axisY\":{\"title\":\"Message Size\",\"unit\":{\"value\":\"B\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"hiddenQueryKeys\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg by account,region,TopicName",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=PublishSize Statistic=Average | avg ",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
@@ -1220,14 +1184,14 @@
                 {
                     "id": null,
                     "key": "panel2C1AFF3CADD60947",
-                    "title": "Events by Topic Name",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
+                    "title": "Topic Names by Event Count",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"Topic Name\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Event Count\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{\"A_11-solutions-awslogs\":{\"visible\":true},\"A_12-solutions-awslogs\":{\"visible\":true},\"A_13-solutions-awslogs\":{\"visible\":true},\"A_BI-LogsCollector-BICWEmailSNSTopic-1MQUDFLZF0NOS\":{\"visible\":true},\"A_CPU_usage\":{\"visible\":true},\"A_NitinAuroraCWLogAudit-SumoCWEmailSNSTopic-12RYDWUON6XVT\":{\"visible\":true},\"A_NitinAuroraCWLogError-SumoCWEmailSNSTopic-LQKJDO1CY9S8\":{\"visible\":true},\"A_NitinAuroraCWLogGeneral-SumoCWEmailSNSTopic-C4YC53ZVBBOE\":{\"visible\":true},\"A_NitinAuroraCWLogSlowQuery-SumoCWEmailSNSTopic-AHZLA5G60USS\":{\"visible\":true},\"A_NotifyMe\":{\"visible\":true},\"A_SESNotificationTestByNitin\":{\"visible\":true},\"A_SESbyNitin\":{\"visible\":true},\"A_SNSAppSomya01\":{\"visible\":true},\"A_SNSAppSomya02\":{\"visible\":true},\"A_SNSAppSomya03\":{\"visible\":true},\"A_SNSAppTest-Somya01\":{\"visible\":true},\"A_SNSAppTest-Somya02\":{\"visible\":true},\"A_SNSTopic4\":{\"visible\":true},\"A_SourabhCloudWatch-SumoCWEmailSNSTopic-XRUAPIF2HPWL\":{\"visible\":true},\"A_SumoContent_Billing\":{\"visible\":true},\"A_SumoInspectorTrigger\":{\"visible\":true},\"A_SumoLogic-Aws-Observability-Module-8apyj2ekn2\":{\"visible\":true},\"A_SumoLogic-Aws-Observability-Module-zn3s2z6i0t\":{\"visible\":true},\"A_SumoLogic-Terraform-CloudTrail-Module-7ze3ita3x9\":{\"visible\":true},\"A_SumoSNSTopic-anema-elb-classic-log-s3-sns\":{\"visible\":true},\"A_SumoSNSTopic-event-based-field-enablement\":{\"visible\":true},\"A_SumoSNSTopic-test-event-based-cf\":{\"visible\":true},\"A_TestLambdaLogFmt-SumoCWEmailSNSTopic-16AT76WQUY8IH\":{\"visible\":true},\"A_auroraCWCollection-SumoCWEmailSNSTopic-9L52U6PPO88T\":{\"visible\":true},\"A_awso-testautomation-do-not-delete\":{\"visible\":true},\"A_config-topic\":{\"visible\":true},\"A_dynamodb\":{\"visible\":true},\"A_redis01\":{\"visible\":true},\"A_securityHub-sns\":{\"visible\":true},\"A_sumo-bi-test\":{\"visible\":true},\"A_sumo-sns-topic-956882708938-45f7b250\":{\"visible\":true},\"A_sumo-sns-topic-956882708938-465d1a50\":{\"visible\":true},\"A_sumo-sns-topic-content-ed5aadf0\":{\"visible\":true},\"A_testnull-SumoCWEmailSNSTopic-1NV3GQ8XZ4DFY\":{\"visible\":true},\"A_topic-name\":{\"visible\":true}},\"overrides\":[],\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Light\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| timeslice 1h\n| count as event_count by _timeslice, topicname\n| transpose row _timeslice column topicname",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| timeslice 1h\n| count as event_count by _timeslice, topicname\n| transpose row _timeslice column topicname\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1396,23 +1360,23 @@
                     },
                     {
                         "key": "panelEB163726B40EDB42",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":28}"
+                        "structure": "{\"height\":7,\"width\":13,\"x\":0,\"y\":35}"
                     },
                     {
-                        "key": "panel9FE68E49A0060A4D",
-                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":28}"
+                        "key": "panelFA76DDA1858D6941",
+                        "structure": "{\"height\":6,\"width\":10,\"x\":5,\"y\":9}"
                     },
                     {
-                        "key": "panel47C00A9996D1FB46",
-                        "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":34}"
+                        "key": "panelEA26769CA251884A",
+                        "structure": "{\"height\":7,\"width\":11,\"x\":13,\"y\":28}"
                     },
                     {
-                        "key": "panelFA76DDA1858D6941",
-                        "structure": "{\"height\":6,\"width\":10,\"x\":5,\"y\":9}"
+                        "key": "panelDCAE9CBE8FF65945",
+                        "structure": "{\"height\":7,\"width\":13,\"x\":0,\"y\":28}"
                     },
                     {
-                        "key": "panelB3E1C834A1026A43",
-                        "structure": "{\"height\":6,\"width\":15,\"x\":9,\"y\":34}"
+                        "key": "panel81CB1F119E659A4D",
+                        "structure": "{\"height\":7,\"width\":11,\"x\":13,\"y\":35}"
                     }
                 ]
             },
@@ -1447,7 +1411,7 @@
                 {
                     "id": null,
                     "key": "panel13A28BCF9195784A",
-                    "title": "Failure Events Location",
+                    "title": "Error Events Location",
                     "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -1501,8 +1465,8 @@
                 {
                     "id": null,
                     "key": "panel63133FE7966C3B44",
-                    "title": "Top Error Codes",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "title": "Top 10 Error Codes",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Light\"},\"overrides\":[],\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"title\":\"Error Code\",\"hideLabels\":false},\"axisY\":{\"title\":\"Event Count\"}},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1555,7 +1519,7 @@
                 {
                     "id": null,
                     "key": "panel08DA60FCB6CBA94F",
-                    "title": "Failed Events by Event Name",
+                    "title": "Error Events by Event Name",
                     "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"innerRadius\":\"30%\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -1575,21 +1539,28 @@
                         }
                     ],
                     "description": "",
-                    "timeRange": null,
+                    "timeRange": {
+                        "type": "BeginBoundedTimeRange",
+                        "from": {
+                            "type": "RelativeTimeRangeBoundary",
+                            "relativeTime": "-4w2d"
+                        },
+                        "to": null
+                    },
                     "coloringRules": null,
                     "linkedDashboards": []
                 },
                 {
                     "id": null,
                     "key": "panel554DCC97A661E840",
-                    "title": "Failed Event Details",
+                    "title": "Error Events Detail",
                     "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1s\n| count as event_count by _timeslice, event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n| sort by _timeslice\n| limit 100",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1636,7 +1607,7 @@
                 {
                     "id": null,
                     "key": "panel04C58849BF85EA40",
-                    "title": "Successful Event Details",
+                    "title": "Successful Events Detail",
                     "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
@@ -1664,7 +1635,7 @@
                     "id": null,
                     "key": "panelEB163726B40EDB42",
                     "title": "Top 10 Users by Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Light\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"title\":\"User\",\"hideLabels\":false},\"axisY\":{\"title\":\"Event Count\"}},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1689,15 +1660,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel9FE68E49A0060A4D",
-                    "title": "Events by User",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"bar\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panelFA76DDA1858D6941",
+                    "title": "Events Trend ",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user, event_name\n| transpose row user column event_name",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name\n",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1716,15 +1687,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panel47C00A9996D1FB46",
-                    "title": "Top 10 Active TopicNames by Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}",
+                    "key": "panelEA26769CA251884A",
+                    "title": "Top 10 TopicNames by Error Events",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Light\"},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"title\":\"Topic Name\",\"hideLabels\":false},\"axisY\":{\"title\":\"Event Count\"}},\"legend\":{\"enabled\":false},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| count as event_count by topicname\n| top 10 topicname by event_count, topicname asc",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| count as event_count by topicname\n| top 10 topicname by event_count, topicname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1743,15 +1714,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panelFA76DDA1858D6941",
-                    "title": "Events Trend ",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"displayType\":\"stacked\"},\"series\":{},\"overrides\":[]}",
+                    "key": "panelDCAE9CBE8FF65945",
+                    "title": "Top 10 Active TopicNames by Events",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Light\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"title\":\"Topic Name\",\"hideLabels\":false},\"axisY\":{\"title\":\"Event Count\"},\"axisY2\":{\"title\":\"\"}},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\"\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| timeslice 1h\n| count as event_count by _timeslice, event_name\n| transpose row _timeslice column event_name\n",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topicname\n| count as event_count by topicname\n| top 10 topicname by event_count, topicname asc",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
@@ -1770,15 +1741,15 @@
                 },
                 {
                     "id": null,
-                    "key": "panelB3E1C834A1026A43",
-                    "title": " Active TopicNames by Events",
-                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"stacked\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[]}",
+                    "key": "panel81CB1F119E659A4D",
+                    "title": "Top 10 Users by Error Events",
+                    "visualSettings": "{\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"color\":{\"family\":\"Categorical Light\"},\"legend\":{\"enabled\":false},\"overrides\":[],\"axes\":{\"axisX\":{\"labelPlacement\":\"inside\",\"labelWrap\":true,\"labelMaxWidth\":500,\"labelFontColor\":\"black\",\"title\":\"User\",\"hideLabels\":false},\"axisY\":{\"title\":\"Event Count\"}}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" topicArn\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\"\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| where !isEmpty(topic_arn)\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as topic_region, topic_accountid, topic_name\n| count as event_count by topic_name, event_name\n| transpose row topic_name column event_name",
+                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| where (tolowercase(topicname) matches tolowercase(\"{{topicname}}\")) or isBlank(topicname)\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by user\n| top 10 user by event_count",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,

From 532a9983163fac8627326b9b2fb3a90b707f477d Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Mon, 18 Jul 2022 16:22:10 +0530
Subject: [PATCH 74/82] corrceted app name and monitors

---
 aws-observability-terraform/app-modules/sns/app.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/aws-observability-terraform/app-modules/sns/app.tf b/aws-observability-terraform/app-modules/sns/app.tf
index 278ad243..76761a00 100644
--- a/aws-observability-terraform/app-modules/sns/app.tf
+++ b/aws-observability-terraform/app-modules/sns/app.tf
@@ -69,8 +69,8 @@ module "sns_module" {
           detection_method = "StaticCondition",
           time_range       = "-5m",
           trigger_type     = "Critical",
-          threshold        = 5,
-          threshold_type   = "GreaterThanOrEqual",
+          threshold        = 2,
+          threshold_type   = "GreaterThan",
           occurrence_type  = "Always",
           trigger_source   = "AnyTimeSeries"
         },
@@ -78,8 +78,8 @@ module "sns_module" {
           detection_method = "StaticCondition",
           time_range       = "-5m",
           trigger_type     = "ResolvedCritical",
-          threshold        = 5,
-          threshold_type   = "LessThan",
+          threshold        = 2,
+          threshold_type   = "LessThanOrEqual",
           occurrence_type  = "Always",
           trigger_source   = "AnyTimeSeries"
         }
@@ -103,7 +103,7 @@ module "sns_module" {
           time_range       = "-5m",
           trigger_type     = "Critical",
           threshold        = 5,
-          threshold_type   = "GreaterThanOrEqual",
+          threshold_type   = "GreaterThan",
           occurrence_type  = "ResultCount",
           trigger_source   = "AllResults"
         },
@@ -112,7 +112,7 @@ module "sns_module" {
           time_range       = "-5m",
           trigger_type     = "ResolvedCritical",
           threshold        = 5,
-          threshold_type   = "LessThan",
+          threshold_type   = "LessThanOrEqual",
           occurrence_type  = "ResultCount",
           trigger_source   = "AllResults"
         }

From a235c3ce4f9cb58eb9961d8e0cae2d48d36eafb2 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Mon, 18 Jul 2022 16:25:49 +0530
Subject: [PATCH 75/82] updated app and monitor name in TF

---
 aws-observability-terraform/app-modules/variables.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws-observability-terraform/app-modules/variables.tf b/aws-observability-terraform/app-modules/variables.tf
index 7e6d6b2e..b8dfc795 100644
--- a/aws-observability-terraform/app-modules/variables.tf
+++ b/aws-observability-terraform/app-modules/variables.tf
@@ -49,7 +49,7 @@ variable "apps_folder_name" {
             Provide a folder name where all the apps will be installed under the Personal folder of the user whose access keys you have entered.
             Default value will be: AWS Observability Apps
         EOT
-  default     = "AWS Observability Apps TF"
+  default     = "AWS Observability Apps"
 }
 
 variable "parent_folder_id" {
@@ -64,7 +64,7 @@ variable "monitors_folder_name" {
             Provide a folder name where all the monitors will be installed under Monitor Folder.
             Default value will be: AWS Observability Monitors
         EOT
-  default     = "AWS Observability Monitors TF"
+  default     = "AWS Observability Monitors"
 }
 
 variable "connection_notifications" {

From aff2d13f2791c116b1d426e7f3345c031c887390 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Mon, 18 Jul 2022 16:37:06 +0530
Subject: [PATCH 76/82] corrected app name

---
 aws-observability/json/Sns-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/Sns-App.json b/aws-observability/json/Sns-App.json
index ff41727f..12aaf943 100644
--- a/aws-observability/json/Sns-App.json
+++ b/aws-observability/json/Sns-App.json
@@ -1,6 +1,6 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "AWS SNS",
+    "name": "Amazon SNS",
     "description": "The Sumo Logic App for Amazon SNS is a unified logs and metrics App that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service.",
     "children": [
         {

From 9cddf4a2b18ac55ec9d082243ad2efcc634b0e37 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Wed, 27 Jul 2022 22:13:50 +0530
Subject: [PATCH 77/82] renaming aws ec2 app - coudwatch based and hosted
 collector based and updating the version in awso installation script to 2.5

---
 .../json/EC2-CW-Metrics-App.json              |   4 +-
 aws-observability/json/EC2-Metrics-App.json   | 621 +-----------------
 .../AWSOAutoSetupScript/DeployAWSOPosix.sh    |  77 +++
 .../AWSOAutoSetupScript/DeployAWSOWin.ps1     |  74 +++
 .../scripts/AWSOAutoSetupScript/README.md     |  40 ++
 5 files changed, 194 insertions(+), 622 deletions(-)
 create mode 100644 aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh
 create mode 100644 aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1
 create mode 100644 aws-observability/scripts/AWSOAutoSetupScript/README.md

diff --git a/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability/json/EC2-CW-Metrics-App.json
index c09939af..a76786b0 100644
--- a/aws-observability/json/EC2-CW-Metrics-App.json
+++ b/aws-observability/json/EC2-CW-Metrics-App.json
@@ -1,7 +1,7 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "AWS EC2 CW Metrics",
-    "description": "The Sumo Logic App for AWS EC2 (CloudWatch Metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, network, EBS and Health Status Check.",
+    "name": "AWS EC2",
+    "description": "The Sumo Logic App for AWS EC2 allows you to collect your EC2 instance metrics (CloudWatch) and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, network, EBS and Health Status Check. Also it provides detailed insights into all CloudTrail audit events associated with EC2 instances and specifically helps identify changes, errors and user activities.",
     "children": [
         {
             "type": "DashboardV2SyncDefinition",
diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index 88d88edc..bd8a7ca5 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -1,6 +1,6 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "AWS EC2 Metrics",
+    "name": "Host metrics (EC2)",
     "description": "The Sumo Logic App for AWS EC2 (Host OS metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, memory, network, TCP.",
     "children": [
         {
@@ -1339,625 +1339,6 @@
             ],
             "coloringRules": []
         },
-        {
-            "type": "DashboardV2SyncDefinition",
-            "name": "2.2 AWS EC2 - Events",
-            "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
-            "title": "2.2 AWS EC2 - Events",
-            "theme": "Light",
-            "topologyLabelMap": {
-                "data": {
-                    "namespace": [
-                        "aws/ec2"
-                    ],
-                    "region": [
-                        "*"
-                    ],
-                    "account": [
-                        "*"
-                    ]
-                }
-            },
-            "refreshInterval": 0,
-            "timeRange": {
-                "type": "BeginBoundedTimeRange",
-                "from": {
-                    "type": "RelativeTimeRangeBoundary",
-                    "relativeTime": "-1d"
-                },
-                "to": null
-            },
-            "layout": {
-                "layoutType": "Grid",
-                "layoutStructures": [
-                    {
-                        "key": "panelPANE-9A6827ADAFD40B48",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":12}"
-                    },
-                    {
-                        "key": "panel808FD9FD8BFB6846",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":34}"
-                    },
-                    {
-                        "key": "panelPANE-F6D67170A3207848",
-                        "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":2}"
-                    },
-                    {
-                        "key": "panelPANE-55BA9CD690905848",
-                        "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":20}"
-                    },
-                    {
-                        "key": "panelE1BCBDE685FB3944",
-                        "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":41}"
-                    },
-                    {
-                        "key": "panelPANE-4D66006086774A44",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":12}"
-                    },
-                    {
-                        "key": "panelPANE-829F6ADB86227949",
-                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":41}"
-                    },
-                    {
-                        "key": "panel1DA5F9AA9C03F945",
-                        "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":34}"
-                    },
-                    {
-                        "key": "panelPANE-C6B1C1249FED294C",
-                        "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":25}"
-                    },
-                    {
-                        "key": "panel422C79CD944AC840",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":12}"
-                    },
-                    {
-                        "key": "panelB86F7C84926F1844",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":12}"
-                    },
-                    {
-                        "key": "panelABB275868F4B2A44",
-                        "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":20}"
-                    },
-                    {
-                        "key": "panelA10E415491CA1B4F",
-                        "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":25}"
-                    },
-                    {
-                        "key": "panelPANE-4B95C387A7D03B47",
-                        "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":47}"
-                    },
-                    {
-                        "key": "panelF999E9E5A6591B41",
-                        "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":2}"
-                    },
-                    {
-                        "key": "panelC8228A47A6D3DA4D",
-                        "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":25}"
-                    },
-                    {
-                        "key": "panelPANE-4022F95385542A46",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":33}"
-                    },
-                    {
-                        "key": "panelD9E5828D86D12941",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":40}"
-                    },
-                    {
-                        "key": "panelPANE-E40BD69ABB08F949",
-                        "structure": "{\"height\":2,\"width\":24,\"x\":0,\"y\":0}"
-                    }
-                ]
-            },
-            "panels": [
-                {
-                    "id": null,
-                    "key": "panelPANE-9A6827ADAFD40B48",
-                    "title": "Event Status",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_status\n| sort by _count, event_status asc",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel808FD9FD8BFB6846",
-                    "title": "Successful Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-F6D67170A3207848",
-                    "title": "Successful Event Locations",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-55BA9CD690905848",
-                    "title": "Events Types Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelE1BCBDE685FB3944",
-                    "title": "Failed Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-4D66006086774A44",
-                    "title": "Top 10 Error Codes",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-829F6ADB86227949",
-                    "title": "Latest Failed Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel1DA5F9AA9C03F945",
-                    "title": "Latest Successful Events",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and isEmpty(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-C6B1C1249FED294C",
-                    "title": "Top 10 AssumedRole  Users",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as count by user\n| sort by count, user asc | limit 10",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panel422C79CD944AC840",
-                    "title": "Top Events Types",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by event_name\n| sort by count, event_name asc | limit 20",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelB86F7C84926F1844",
-                    "title": "Event Types",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\",  if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelABB275868F4B2A44",
-                    "title": "Events Status Trend",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_status\n| transpose row _timeslice column event_status",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelA10E415491CA1B4F",
-                    "title": "Top 10 IAM Users",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as count by user\n| sort by count, user asc | limit 10",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-4B95C387A7D03B47",
-                    "title": "Events from Known Malicious IP Addresses",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name // , user, user_agent, instanceid\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where  type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, type, actor, malicious_confidence // , user, user_agent, instanceid",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Auto",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelF999E9E5A6591B41",
-                    "title": "Failure Event Locations",
-                    "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and !isBlank(error_code)\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude from geo://location on ip = src_ip\n| where !isNull(latitude)",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelC8228A47A6D3DA4D",
-                    "title": "Top 10 User Agents",
-                    "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "SumoSearchPanel",
-                    "queries": [
-                        {
-                            "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop  \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_3>.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?<req_instanceid_4>.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?<res_instanceType>.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?<res_instanceid>.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1,  if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by user_agent\n| sort by count, user_agent asc | limit 10",
-                            "queryType": "Logs",
-                            "queryKey": "A",
-                            "metricsQueryMode": null,
-                            "metricsQueryData": null,
-                            "tracesQueryData": null,
-                            "spansQueryData": null,
-                            "parseMode": "Manual",
-                            "timeSource": "Message",
-                            "outputCardinalityLimit": 1000
-                        }
-                    ],
-                    "description": "",
-                    "timeRange": null,
-                    "coloringRules": null,
-                    "linkedDashboards": []
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-4022F95385542A46",
-                    "title": "Successful Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"title\":{\"fontSize\":16},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"fontSize\":16,\"showTitle\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "TextPanel",
-                    "text": "Successful Events"
-                },
-                {
-                    "id": null,
-                    "key": "panelD9E5828D86D12941",
-                    "title": "Failure Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false,\"fontSize\":16},\"title\":{\"fontSize\":16}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "TextPanel",
-                    "text": "Failure Events"
-                },
-                {
-                    "id": null,
-                    "key": "panelPANE-E40BD69ABB08F949",
-                    "title": "Note",
-                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\"},\"series\":{},\"legend\":{\"enabled\":false}}",
-                    "keepVisualSettingsConsistentWithParent": true,
-                    "panelType": "TextPanel",
-                    "text": "This dashboard requires AWS CloudTrail Logs from AWS account and the contents are specific for AWS EC2 instance(s)."
-                }
-            ],
-            "variables": [
-                {
-                    "id": null,
-                    "name": "account",
-                    "displayName": null,
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "",
-                        "key": "account"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                },
-                {
-                    "id": null,
-                    "name": "region",
-                    "displayName": null,
-                    "defaultValue": "*",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}}",
-                        "key": "region"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                },
-                {
-                    "id": null,
-                    "name": "namespace",
-                    "displayName": "namespace",
-                    "defaultValue": "aws/ec2",
-                    "sourceDefinition": {
-                        "variableSourceType": "MetadataVariableSourceDefinition",
-                        "filter": "account={{account}} region={{region}} namespace=aws/ec2",
-                        "key": "namespace"
-                    },
-                    "allowMultiSelect": false,
-                    "includeAllOption": true,
-                    "hideFromUI": false,
-                    "valueType": "Any"
-                }
-            ],
-            "coloringRules": []
-        },
         {
             "type": "DashboardV2SyncDefinition",
             "name": "2.2. AWS EC2 CPU (Host OS metrics)",
diff --git a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh
new file mode 100644
index 00000000..cbfad8fd
--- /dev/null
+++ b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+if ! command -v aws &> /dev/null
+then
+    echo "aws cli not installed. Please install aws cli and rerun the script"
+    exit
+fi
+now="$(date)"
+echo "Script initiated at : $now"
+#input to the script is sumo accessId and accessKey
+export SUMO_ACCESS_ID=$1
+export SUMO_ACCESS_KEY=$2
+if [ -z "$AWS_PROFILE" ]
+then
+    AWS_PROFILE=default
+fi
+#identify sumo deployment associated with sumo accessId and accessKey
+export apiUrl="https://api.sumologic.com"
+response=$(curl -s -i -u "${SUMO_ACCESS_ID}:${SUMO_ACCESS_KEY}" -X GET "${apiUrl}"/api/v1/collectors/)
+location=`echo "$response" | grep "location:"`
+deployment="us1"
+if [ ! -z "$location" ]
+then
+    IFS='.' read -ra ADDR <<< "$location"
+    deployment="${ADDR[1]}"
+    apiUrl="https://api.${deployment}.sumologic.com"
+fi
+
+#identify sumo OrgId associated with sumo accessId and accessKey
+# orgId=`(curl -s -u "${SUMO_ACCESS_ID}:${SUMO_ACCESS_KEY}" -X GET "${apiUrl}"/api/v1/account/contract -H "Accept: application/json") | jq -r '.orgId'`
+response1=$(curl -s -u "${SUMO_ACCESS_ID}:${SUMO_ACCESS_KEY}" -X GET "${apiUrl}"/api/v1/account/contract -H "Accept: application/json")
+orgId=`echo $response1 | jq -r '.orgId'`
+if [ "$orgId" = null ]
+then
+    errorResponse=`echo $response1 | jq -r '.errors'`
+    if [ "$errorResponse" = null ]
+    then
+        errorResponse=`echo $response1 | jq -r '.message'`
+    fi
+    echo "Following Error Occured while fetching orgId: $errorResponse"
+    exit
+fi
+
+echo '["Section1aSumoLogicDeployment='${deployment}'",' >param.json  
+
+echo '"Section1bSumoLogicAccessID='${SUMO_ACCESS_ID}'",' >> param.json
+
+echo '"Section1cSumoLogicAccessKey='${SUMO_ACCESS_KEY}'",' >> param.json
+
+echo '"Section1dSumoLogicOrganizationId='${orgId}'",' >> param.json
+
+awsAccountId=`aws sts get-caller-identity | jq -r '.Account'` 
+echo '"Section2aAccountAlias='${awsAccountId}'"' >> param.json
+
+echo ']'>>param.json
+
+#download the sumo logic AWS Observability solution's master template
+aws s3 cp s3://sumologic-appdev-aws-sam-apps/aws-observability-versions/v2.5.0/sumologic_observability.master.template.yaml sumologic_observability_template.yaml
+
+#extract stack name into a variable with unique identifier appended
+stackName="sumoawsoquicksetup"
+now="$(date)"
+echo "Script Configuration completed. Triggering CloudFormation Template at : $now"
+aws cloudformation deploy --profile ${AWS_PROFILE} \
+  --template-file sumologic_observability_template.yaml \
+  --stack-name ${stackName} \
+  --parameter-overrides file://param.json \
+  --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
+if [ "$?" != 0 ]
+then
+    echo "Error Occured in aws cloudformation command"
+    exit
+fi
+
+#remove the parameter json file
+rm param.json
+now="$(date)"
+echo "Script completed at : $now"
\ No newline at end of file
diff --git a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1 b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1
new file mode 100644
index 00000000..955c6684
--- /dev/null
+++ b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1
@@ -0,0 +1,74 @@
+try{
+$awsCheck=aws --version
+}
+catch{
+	echo "aws cli not installed. Please install aws cli and rerun the script"
+	Exit
+}
+$now=Get-Date
+echo "Script initiated at : $now"
+#input to the script is sumo accessId and accessKey
+$SUMO_ACCESS_ID = $args[0]
+$SUMO_ACCESS_KEY = $args[1]
+if(-not $AWS_PROFILE){
+	$AWS_PROFILE="default"
+}
+#identify sumo deployment associated with sumo accessId and accessKey
+$apiUrl="https://api.sumologic.com"
+$deployment="us1"
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f "$SUMO_ACCESS_ID","$SUMO_ACCESS_KEY")))
+
+try{
+$result = Invoke-WebRequest -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)}  -Uri "https://api.sumologic.com/api/v1/collectors/"
+}
+catch {
+	$hostvar = $_.Exception.Response.ResponseUri.Host
+	$deployment=$hostvar.Split(".")[1]
+	$apiUrl="https://api.$deployment.sumologic.com"
+}
+
+#identify sumo OrgId associated with sumo accessId and accessKey
+try{
+$response=Invoke-WebRequest -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)}  -Uri "$apiUrl/api/v1/account/contract"
+}
+catch{
+	echo "Following Error Occured while fetching orgId: $_ "
+	Exit
+}
+$response=$response.Content | ConvertFrom-Json
+$orgId=$response.orgId
+$fileName="param.json"
+New-Item -Path $fileName -ItemType File -Force
+Add-Content $fileName "[`"Section1aSumoLogicDeployment=${deployment}`","
+Add-Content $fileName "`"Section1bSumoLogicAccessID=${SUMO_ACCESS_ID}`","
+Add-Content $fileName "`"Section1cSumoLogicAccessKey=${SUMO_ACCESS_KEY}`","
+Add-Content $fileName "`"Section1dSumoLogicOrganizationId=${orgId}`","
+
+$awscmd=aws sts get-caller-identity
+$json = @"
+$awscmd
+"@
+$x = $json | ConvertFrom-Json
+$awsAccountId = $x.Account
+Add-Content $fileName "`"Section2aAccountAlias=${awsAccountId}`"]"
+aws s3 cp s3://sumologic-appdev-aws-sam-apps/aws-observability-versions/v2.5.0/sumologic_observability.master.template.yaml sumologic_observability_template.yaml
+
+
+$stackName="sumoawsoquicksetup"
+$now=Get-Date
+echo "Script Configuration completed. Triggering CloudFormation Template at : $now"
+aws cloudformation deploy --profile ${AWS_PROFILE} --template-file sumologic_observability_template.yaml --stack-name $stackName --parameter-overrides file://param.json --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
+if($LASTEXITCODE -ne 0){
+	echo "Error Occured in aws cloudformation command"
+	Exit
+}
+Remove-Item param.json
+
+$now=Get-Date
+echo "Script completed at : $now"
+
+
+
+ 
\ No newline at end of file
diff --git a/aws-observability/scripts/AWSOAutoSetupScript/README.md b/aws-observability/scripts/AWSOAutoSetupScript/README.md
new file mode 100644
index 00000000..84200085
--- /dev/null
+++ b/aws-observability/scripts/AWSOAutoSetupScript/README.md
@@ -0,0 +1,40 @@
+## Pre-Requisite
+[AWS CLI](https://aws.amazon.com/cli/)
+
+# For installing on Mac and Linux, here are the instructions
+# AWS Observability Deployment using Script
+The `DeployAWSOPosix.sh` enables you to deploy the AWS Observability CloudFromation template using AWS CLI commands.
+
+
+
+## Parameters
+Script takes two inputs
+1. SUMO ACCESS ID - Provide the Sumo Access Id from your respective Sumo Logic Account where you want to install AWS Observability Solution
+2. SUMO ACCESS KEY - Provide the Sumo Access Key from your respective Sumo Logic Account where you want to install AWS Observability Solution
+
+AWS_PROFILE can be set as environment variable from the Command Line before executing the sh file. If it is not set, default aws profile will be picked from the local machine.
+
+## Command
+Below is an example to run the sh file with respective parameters
+ 
+`sh DeployTemplate.sh <SUMO_ACCESS_ID> <SUMO_ACCESS_KEY>`
+
+
+
+
+
+# For installing on Windows through powershell, here are the instructions
+# AWS Observability Deployment using Script
+The `DeployAWSOWin.ps1` enables you to deploy the AWS Observability CloudFromation template using AWS CLI commands.
+
+## Parameters
+Script takes two inputs
+1. SUMO ACCESS ID - Provide the Sumo Access Id from your respective Sumo Logic Account where you want to install AWS Observability Solution
+2. SUMO ACCESS KEY - Provide the Sumo Access Key from your respective Sumo Logic Account where you want to install AWS Observability Solution
+
+AWS_PROFILE can be set as environment variable from the Command Line before executing the ps1 file. If it is not set, default aws profile will be picked from the local machine.
+
+## Command
+Below is an example to run the ps1 file with respective parameters
+ 
+`.\DeployAWSOWin.ps1 <SUMO_ACCESS_ID> <SUMO_ACCESS_KEY>`
\ No newline at end of file

From c5be8fe5684e0ccf378d211fd14dcbc7b8c4a67e Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Wed, 27 Jul 2022 22:23:58 +0530
Subject: [PATCH 78/82] adding cloudtrail to the events dashboard in aws ec2
 app

---
 aws-observability/json/EC2-CW-Metrics-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/EC2-CW-Metrics-App.json b/aws-observability/json/EC2-CW-Metrics-App.json
index a76786b0..32586d51 100644
--- a/aws-observability/json/EC2-CW-Metrics-App.json
+++ b/aws-observability/json/EC2-CW-Metrics-App.json
@@ -2134,7 +2134,7 @@
         },
         {
             "type": "DashboardV2SyncDefinition",
-            "name": "2.1 AWS EC2 - Events",
+            "name": "2.1 AWS EC2 - Events (CloudTrail)",
             "description": "The AWS EC2 - Events dashboard provides detailed insights into all cloudtrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities.",
             "title": "2.1 AWS EC2 - Events",
             "theme": "Light",

From 66df5eddf07eda06b46482bd7053254f1a5c89f6 Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Wed, 27 Jul 2022 23:10:29 +0530
Subject: [PATCH 79/82] case correction in app name

---
 aws-observability/json/EC2-Metrics-App.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json
index bd8a7ca5..0cf6e803 100644
--- a/aws-observability/json/EC2-Metrics-App.json
+++ b/aws-observability/json/EC2-Metrics-App.json
@@ -1,6 +1,6 @@
 {
     "type": "FolderSyncDefinition",
-    "name": "Host metrics (EC2)",
+    "name": "Host Metrics (EC2)",
     "description": "The Sumo Logic App for AWS EC2 (Host OS metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for cpu, disk, memory, network, TCP.",
     "children": [
         {

From 4efd7e95ba594e4c900741b80fc5fafca9673981 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Thu, 28 Jul 2022 02:08:32 +0530
Subject: [PATCH 80/82] updated apps

---
 aws-observability/json/Overview-App.json | 582 ++++++++++++++++++++---
 aws-observability/json/Sns-App.json      |   2 +-
 2 files changed, 515 insertions(+), 69 deletions(-)

diff --git a/aws-observability/json/Overview-App.json b/aws-observability/json/Overview-App.json
index 628f17ea..f390c698 100644
--- a/aws-observability/json/Overview-App.json
+++ b/aws-observability/json/Overview-App.json
@@ -8,7 +8,6 @@
             "name": "1. AWS Account Overview",
             "description": "This dashboard provide detail information about your AWS account.",
             "title": "1. AWS Account Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -130,7 +129,7 @@
                     },
                     {
                         "key": "panel715899D4A61D7A4E",
-                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":45}"
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":52}"
                     },
                     {
                         "key": "panel892FA012BAB81847",
@@ -183,6 +182,26 @@
                     {
                         "key": "panel510C3885ADF8E840",
                         "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}"
+                    },
+                    {
+                        "key": "panel6BDD3F368212D94C",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":45}"
+                    },
+                    {
+                        "key": "panelPANE-09B5C909AF85A945",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":0,\"y\":53}"
+                    },
+                    {
+                        "key": "panel1018B3D7B3F7FA4A",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":6,\"y\":53}"
+                    },
+                    {
+                        "key": "panelPANE-1861F2059CF4594F",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":12,\"y\":53}"
+                    },
+                    {
+                        "key": "panel0C2C8078ADFC894A",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":18,\"y\":53}"
                     }
                 ]
             },
@@ -196,14 +215,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=AWS/Lambda metric=Errors statistic=Sum account={{account}} region=* functionname=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -220,44 +242,56 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/dynamodb metric=UserErrors Statistic=SampleCount account={{account}} region=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/dynamodb metric=SystemErrors Statistic=SampleCount account={{account}} region=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/dynamodb metric=ConditionalCheckFailedRequests Statistic=SampleCount account={{account}} region=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#A+#B+#C",
                             "queryType": "Metrics",
                             "queryKey": "D",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -274,14 +308,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=AWS/EC2 metric=CPU_Total account={{account}} region=* instanceId=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -298,14 +335,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/rds metric=CPUUtilization statistic=average account={{account}} region=* dbidentifier=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -322,14 +362,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=AWS/EC2 account={{account}} metric=Mem_Free region=* instanceId=* | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -346,14 +389,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/rds metric=FreeableMemory statistic=average account={{account}} region=* dbidentifier=* | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -370,14 +416,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ApiGateway (metric=4XXError or metric=5XXError) statistic=Sum account={{account}} region=* apiname=* | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -389,19 +438,22 @@
                     "id": null,
                     "key": "panelPANE-F361E48F8E269B40",
                     "title": "ALB Errors",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ApplicationELB (metric=HTTPCode_ELB_4XX_Count or metric=HTTPCode_ELB_5XX_Count) statistic=Sum account={{account}} region=* loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -472,14 +524,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "(*Create* or *Delete* or *Terminate* or *Remove* or *Update* or *Modify* or *Change*) \"\\\"eventSource\\\"\" \"\\\"eventName\\\"\" account={{account}} \n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| parse field=event_source \"*.amazonaws.com\" as aws_service\n| where event_source matches \"*.amazonaws.com\" and (event_name matches \"*Create*\" or event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\" or event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\")\n| if (event_name matches \"*Create*\", \"Create\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\", \"Delete\", if (event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\", \"Update\", event_name))) as activity\n| count by activity, aws_service\n| transpose row activity column aws_service",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -496,14 +551,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ApiGateway metric=count Statistic=sum account={{account}} region=* apiname=* | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -520,14 +578,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account={{account}} region=*  loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -544,14 +605,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/lambda metric=Invocations statistic=Sum account={{account}} region=* functionname=* | sum by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -568,14 +632,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/dynamodb metric=SuccessfulRequestLatency Statistic=SampleCount account={{account}} region=* tablename=* | sum by tablename, namespace, region, account | eval round(_value)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -610,14 +677,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/ecs metric=CPUUtilization statistic=Average account={{account}} region=* ClusterName=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -634,14 +704,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/ecs metric=MemoryUtilization statistic=Average account={{account}} region=* ClusterName=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -658,14 +731,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/elasticache metric=CPUUtilization statistic=Average account={{account}} region=* CacheClusterId=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -676,7 +752,7 @@
                 {
                     "id": null,
                     "key": "panel715899D4A61D7A4E",
-                    "title": "Network Load Balancer (NLB)",
+                    "title": "SNS ",
                     "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "TextPanel",
@@ -686,19 +762,22 @@
                     "id": null,
                     "key": "panel892FA012BAB81847",
                     "title": "TLS Negotiation Errors by NLB",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/NetworkELB metric=*TLSNegotiationErrorCount statistic=Sum account={{account}} region=* loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -715,14 +794,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/networkelb metric=ActiveFlowCount Statistic=Sum account={{account}} region=* loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -739,14 +821,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region=* LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -763,14 +848,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region=* LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -787,14 +875,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/elasticache metric=FreeableMemory statistic=average account={{account}} region=* CacheClusterId=* CacheNodeId=* | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -820,14 +911,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"\\\"eventsource\\\"\" account={{account}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source matches \"*amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -853,14 +947,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} Namespace=AWS/ELB metric=Latency Statistic=Average region=* loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -872,19 +969,22 @@
                     "id": null,
                     "key": "panelPANE-9D6E7556A262C846",
                     "title": "ELB Errors",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} Namespace=AWS/ELB (metric=HTTPCode_ELB_4XX or metric=HTTPCode_ELB_5XX) Statistic=Sum region=* loadbalancername=* | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -901,14 +1001,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ELB metric=RequestCount Statistic=Sum account={{account}} region=* loadbalancername=* | sum by loadbalancername, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -934,14 +1037,134 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} Namespace=AWS/ApplicationELB metric=ActiveConnectionCount Statistic=Sum region=* loadbalancer=* | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6BDD3F368212D94C",
+                    "title": "Network Load Balancer (NLB)",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-09B5C909AF85A945",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":28,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}}  namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel1018B3D7B3F7FA4A",
+                    "title": "Error Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":28,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count \n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-1861F2059CF4594F",
+                    "title": "Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel0C2C8078ADFC894A",
+                    "title": "Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} metric=NumberOfNotificationsFailed Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -974,7 +1197,6 @@
             "name": "1. AWS Region Overview",
             "description": "This dashboard provide detail information about your AWS account.",
             "title": "1. AWS Region Overview",
-            "rootPanel": null,
             "theme": "Light",
             "topologyLabelMap": {
                 "data": {
@@ -1152,6 +1374,26 @@
                     {
                         "key": "panelPANE-FF1759E1A405494E",
                         "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":39}"
+                    },
+                    {
+                        "key": "panel6D75DB3BBF940941",
+                        "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":52}"
+                    },
+                    {
+                        "key": "panelPANE-A67E1E6790C8BB43",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":0,\"y\":53}"
+                    },
+                    {
+                        "key": "panelCDF81464865EFA4B",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":6,\"y\":53}"
+                    },
+                    {
+                        "key": "panelPANE-C6267822895D8A45",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":12,\"y\":53}"
+                    },
+                    {
+                        "key": "panelAA208DA797134844",
+                        "structure": "{\"height\":5,\"width\":6,\"x\":18,\"y\":53}"
                     }
                 ]
             },
@@ -1165,14 +1407,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=AWS/Lambda metric=Errors statistic=Sum account={{account}} region={{region}} functionname=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1189,44 +1434,56 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/dynamodb metric=UserErrors Statistic=SampleCount account={{account}} region={{region}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/dynamodb metric=SystemErrors Statistic=SampleCount account={{account}} region={{region}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "B",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/dynamodb metric=ConditionalCheckFailedRequests Statistic=SampleCount account={{account}} region={{region}} | sum",
                             "queryType": "Metrics",
                             "queryKey": "C",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         },
                         {
+                            "transient": false,
                             "queryString": "#A+#B+#C",
                             "queryType": "Metrics",
                             "queryKey": "D",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1243,14 +1500,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=AWS/EC2 metric=CPU_Total account={{account}} region={{region}} instanceId=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1267,14 +1527,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/rds metric=CPUUtilization statistic=average account={{account}} region={{region}} dbidentifier=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1291,14 +1554,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=AWS/EC2 account={{account}} metric=Mem_Free region={{region}} instanceId=* | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1315,14 +1581,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/rds metric=FreeableMemory statistic=average account={{account}} region={{region}} dbidentifier=* | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1339,14 +1608,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ApiGateway (metric=4XXError or metric=5XXError) statistic=Sum account={{account}} region={{region}} apiname=* | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1358,19 +1630,22 @@
                     "id": null,
                     "key": "panelPANE-F361E48F8E269B40",
                     "title": "ALB Errors",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ApplicationELB (metric=HTTPCode_ELB_4XX_Count or metric=HTTPCode_ELB_5XX_Count) statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1450,14 +1725,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "(*Create* or *Delete* or *Terminate* or *Remove* or *Update* or *Modify* or *Change*)  \"\\\"eventSource\\\"\" \"\\\"eventName\\\"\" account={{account}}\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| parse field=event_source \"*.amazonaws.com\" as aws_service\n| where event_source matches \"*.amazonaws.com\" and region matches \"{{region}}\" and (event_name matches \"*Create*\" or event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\" or event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\")\n| if (event_name matches \"*Create*\", \"Create\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\" or event_name matches \"*Remove*\", \"Delete\", if (event_name matches \"*Update*\" or event_name matches \"*Modify*\" or event_name matches \"*Change*\", \"Update\", event_name))) as activity\n| count by activity, aws_service\n| transpose row activity column aws_service",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1474,14 +1752,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "\"\\\"eventsource\\\"\" account={{account}} sourceIPAddress\n| json \"eventTime\", \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"responseElements\", \"errorCode\", \"errorMessage\",  \"requestID\", \"sourceIPAddress\" as eventTime, event_name, event_source, Region, user_agent, accountId1, userIdentity, requestParameters, responseElements, errorCode, errorMessage, requestID, src_ip nodrop\n| where event_source matches \"*amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\") and region matches \"{{region}}\"\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isnull(latitude)",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1498,14 +1779,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ApiGateway metric=count Statistic=sum account={{account}} region={{region}} apiname=* | sum by apiname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1522,14 +1806,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1546,14 +1833,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/lambda metric=Invocations statistic=Sum account={{account}} region={{region}} functionname=* | sum by functionname, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1570,14 +1860,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/dynamodb metric=SuccessfulRequestLatency Statistic=SampleCount account={{account}} region={{region}} tablename=* | sum by tablename, namespace, region, account | eval round(_value)",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1612,14 +1905,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/elasticache metric=CPUUtilization statistic=Average account={{account}} region={{region}} CacheClusterId=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1636,14 +1932,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/ecs metric=CPUUtilization statistic=Average account={{account}} region={{region}} ClusterName=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1660,14 +1959,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/ecs metric=MemoryUtilization statistic=Average account={{account}} region={{region}} ClusterName=* | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1693,14 +1995,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/networkelb metric=ActiveFlowCount Statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1717,14 +2022,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1741,14 +2049,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account={{account}} region={{region}} LoadBalancer=* AvailabilityZone=* TargetGroup=* | sum",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1760,19 +2071,22 @@
                     "id": null,
                     "key": "panelPANE-1E7F8086B885C943",
                     "title": "TLS Negotiation Errors by NLB",
-                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/NetworkELB metric=*TLSNegotiationErrorCount statistic=Sum account={{account}} region={{region}} loadbalancer=* | sum by loadbalancer, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1789,14 +2103,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "namespace=aws/elasticache metric=FreeableMemory statistic=average account={{account}} region={{region}} CacheClusterId=* CacheNodeId=* | eval _value / 1073741824 | avg",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Manual",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1822,14 +2139,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "Namespace=AWS/ELB metric=RequestCount Statistic=Sum account={{account}} region={{region}} loadbalancername=* | sum by loadbalancername, namespace, region, account",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1841,19 +2161,22 @@
                     "id": null,
                     "key": "panelPANE-6DFA637C8E2A6B4F",
                     "title": "ELB Errors",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} Namespace=AWS/ELB (metric=HTTPCode_ELB_4XX or metric=HTTPCode_ELB_5XX) Statistic=Sum region={{region}} loadbalancername=* | sum by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1879,14 +2202,17 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} Namespace=AWS/ApplicationELB metric=ActiveConnectionCount Statistic=Sum region={{region}} loadbalancer=* | sum by account, region, namespace, loadbalancer",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
@@ -1903,14 +2229,134 @@
                     "panelType": "SumoSearchPanel",
                     "queries": [
                         {
+                            "transient": false,
                             "queryString": "account={{account}} Namespace=AWS/ELB metric=Latency Statistic=Average region={{region}} loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
                             "queryType": "Metrics",
                             "queryKey": "A",
                             "metricsQueryMode": "Advanced",
                             "metricsQueryData": null,
                             "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panel6D75DB3BBF940941",
+                    "title": "SNS",
+                    "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "TextPanel",
+                    "text": ""
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-A67E1E6790C8BB43",
+                    "title": "Successful Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":28,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" !errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and isBlank(error_code) \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelCDF81464865EFA4B",
+                    "title": "Error Events",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":28,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":1,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\"  as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn  nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count \n",
+                            "queryType": "Logs",
+                            "queryKey": "A",
+                            "metricsQueryMode": null,
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelPANE-C6267822895D8A45",
+                    "title": "Notifications Delivered",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} metric=NumberOfNotificationsDelivered Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
+                            "parseMode": "Auto",
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
+                        }
+                    ],
+                    "description": "",
+                    "timeRange": null,
+                    "coloringRules": null,
+                    "linkedDashboards": []
+                },
+                {
+                    "id": null,
+                    "key": "panelAA208DA797134844",
+                    "title": "Notifications Failed",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{}}",
+                    "keepVisualSettingsConsistentWithParent": true,
+                    "panelType": "SumoSearchPanel",
+                    "queries": [
+                        {
+                            "transient": false,
+                            "queryString": "account={{account}} region={{region}} metric=NumberOfNotificationsFailed Statistic=Sum | sum ",
+                            "queryType": "Metrics",
+                            "queryKey": "A",
+                            "metricsQueryMode": "Advanced",
+                            "metricsQueryData": null,
+                            "tracesQueryData": null,
+                            "spansQueryData": null,
                             "parseMode": "Auto",
-                            "timeSource": "Message"
+                            "timeSource": "Message",
+                            "outputCardinalityLimit": 1000
                         }
                     ],
                     "description": "",
diff --git a/aws-observability/json/Sns-App.json b/aws-observability/json/Sns-App.json
index 12aaf943..9b33332c 100644
--- a/aws-observability/json/Sns-App.json
+++ b/aws-observability/json/Sns-App.json
@@ -1970,7 +1970,7 @@
                     "id": null,
                     "key": "panel93F3942D894F494E",
                     "title": "Highly Malicious IP Threats Table",
-                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[]}",
+                    "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [

From 3afeb453869c7eb692d640e937518b5e701491b3 Mon Sep 17 00:00:00 2001
From: soagarwal07 <soagarwal@sumologic.com>
Date: Thu, 28 Jul 2022 12:53:28 +0530
Subject: [PATCH 81/82] corrected color code

---
 aws-observability/json/Overview-App.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/aws-observability/json/Overview-App.json b/aws-observability/json/Overview-App.json
index f390c698..dad21b1d 100644
--- a/aws-observability/json/Overview-App.json
+++ b/aws-observability/json/Overview-App.json
@@ -1095,7 +1095,7 @@
                     "id": null,
                     "key": "panel1018B3D7B3F7FA4A",
                     "title": "Error Events",
-                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":28,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Sum\",\"label\":\"Events\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"No data\",\"hideData\":false,\"hideLabel\":false,\"rounding\":2,\"valueFontSize\":28,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":1,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1122,7 +1122,7 @@
                     "id": null,
                     "key": "panelPANE-1861F2059CF4594F",
                     "title": "Notifications Delivered",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [
@@ -1149,7 +1149,7 @@
                     "id": null,
                     "key": "panel0C2C8078ADFC894A",
                     "title": "Notifications Failed",
-                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{}}",
+                    "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"Notifications\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"overrides\":[]}",
                     "keepVisualSettingsConsistentWithParent": true,
                     "panelType": "SumoSearchPanel",
                     "queries": [

From 94f04347d5c07eb7f74f8934576e02d4e41cf8fd Mon Sep 17 00:00:00 2001
From: sumoanema <anema@sumologic.com>
Date: Thu, 28 Jul 2022 21:42:54 +0530
Subject: [PATCH 82/82] defining scan interval for ec2 cloudwatch source
 creation

---
 .../apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml
index 34562419..d49be238 100644
--- a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml
+++ b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml
@@ -140,6 +140,8 @@ Mappings:
       ScanInterval: 300000
     SNS:
       ScanInterval: 300000
+    EC2:
+      ScanInterval: 300000
 
 Conditions:
   # Sources Conditions