I'm collecting hundreds of thousands of logs from a firewall (Cisco ASA).
On every log record, among other details, I have destination IP addresses and destination ports.
Now, I need to have an aggregated list of all destination ip addresses and destination ports.
I tried using both the terms aggregation and the significant terms aggregation, but neither of the two works well, because I always find something in the logs that has not been included in the aggregated list.
src 10.1.1.177:50022 dst 10.2.1.1:80
src 10.1.1.1:5000 dst 10.2.1.1:443
src 10.1.1.54:5000 dst 10.2.1.1:443
src 10.1.1.85:5000 dst 10.2.1.1:443
src 10.1.1.1:50022 dst 10.2.2.1:990
src 10.1.1.112:50022 dst 10.2.2.1:990
src 10.1.1.177:50022 dst 10.2.2.1:990
From the example above I want:
10.2.1.1:80
10.2.1.1:443
10.2.2.1:990
From that data I will later create a pivot table in Excel.
What kind of aggregation do I need?
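Added example, not part of the original post: the script below first does the aggregation the poster wants offline, over the sample lines from the post (constructed here as `SAMPLE_LOGS`), producing the unique destination ip:port pairs with hit counts as CSV for an Excel pivot table. It then builds the request body for an Elasticsearch composite aggregation keyed on (ip, port). A plain `terms` aggregation only returns the top `size` buckets (and is approximate across shards), which is exactly how destinations go missing from the list; a composite aggregation is paginated with `after_key` and walks every bucket. The field names `dst_ip` and `dst_port` and the aggregation name `dst` are assumptions; adjust them to your mapping.

```python
"""Aggregate unique destination ip:port pairs from ASA-style log lines.

Added example (not from the original post). Field names dst_ip/dst_port
are assumed; change them to match your index mapping.
"""
import csv
import io
import json
import re
from collections import Counter

# Constructed sample records mirroring the lines shown in the post.
SAMPLE_LOGS = """\
src 10.1.1.177:50022 dst 10.2.1.1:80
src 10.1.1.1:5000 dst 10.2.1.1:443
src 10.1.1.54:5000 dst 10.2.1.1:443
src 10.1.1.85:5000 dst 10.2.1.1:443
src 10.1.1.1:50022 dst 10.2.2.1:990
src 10.1.1.112:50022 dst 10.2.2.1:990
src 10.1.1.177:50022 dst 10.2.2.1:990
"""

# Match "dst <ipv4>:<port>" only; anchoring on the literal "dst" keyword keeps
# the src side from ever being mistaken for a destination.
DST_RE = re.compile(r"\bdst (\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def count_destinations(text):
    """Return a Counter of (dst_ip, dst_port) -> hits over the given log text.

    Lines that do not carry a parsable dst field are skipped rather than
    aborting the run, so one malformed record cannot hide the others.
    """
    counts = Counter()
    for line in text.splitlines():
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        counts[(ip, port)] += 1
    return counts


def _ip_sort_key(item):
    """Sort numerically by IP octets, then by port (so 10.2.1.1 < 10.2.2.1)."""
    (ip, port), _ = item
    return (tuple(int(o) for o in ip.split(".")), port)


def destinations_csv(counts):
    """Render the aggregated pairs as CSV (dst_ip,dst_port,hits) for Excel."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["dst_ip", "dst_port", "hits"])
    for (ip, port), hits in sorted(counts.items(), key=_ip_sort_key):
        writer.writerow([ip, port, hits])
    return buf.getvalue()


def composite_request(after_key=None, page_size=1000,
                      ip_field="dst_ip", port_field="dst_port"):
    """Build one page of an Elasticsearch composite aggregation over (ip, port).

    Unlike a terms aggregation, composite enumerates every bucket: send this
    body, then pass the response's aggregations.dst.after_key back in as
    after_key and repeat until a response comes back without an after_key.
    """
    composite = {
        "size": page_size,
        "sources": [
            {"ip": {"terms": {"field": ip_field}}},
            {"port": {"terms": {"field": port_field}}},
        ],
    }
    if after_key is not None:
        composite["after"] = after_key  # resume after the last bucket seen
    return {"size": 0, "aggs": {"dst": {"composite": composite}}}


if __name__ == "__main__":
    counts = count_destinations(SAMPLE_LOGS)
    print(destinations_csv(counts))
    # Second page of the composite query, resuming after 10.2.1.1:443.
    print(json.dumps(composite_request({"ip": "10.2.1.1", "port": 443}), indent=2))
```

Each bucket returned by the composite aggregation carries a `doc_count`, so the same three columns (ip, port, hits) can be written straight from the paginated responses instead of from raw log lines when the data is already in Elasticsearch.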