I have following sample data which include two fileds src_address and threat_name,
10.1.1.2 | virus_infected
10.1.1.2 | port_scan
10.1.1.3 | botnet_call_home
10.1.1.3 | suspicious_dns_request
How can I aggregate and visualize to get following display ?
10.1.1.2 | virus_infected, port_scan
10.1.1.3 | botnet_call_home, suspicious_dns_request
Many thanks !
Hi @Hoan_Le,
this looks like a data table visualization with a src_address Terms aggregation as the buckets and a Top Hit aggregation on threat_name as the metric. It could be configured something like this (with different field names, obviously):
thank you Weltenwort,
Agrregation with Top Hit is great way. But can we dedup duplicate values "in the Last 5 match.os" columns ?
Unfortunately I can not think of a way to achieve that right now. Only simple concatenation is supported for the top hit results. It would make a good enhancement request, which you can file in Kibana's GitHub repository.
Thank you for your replies, Weltenwort
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.