Suppose we have log files with the following structure:
Doc 1:
Recieved_at Risk
"2019-06-26T20:32:57.008Z", "High", "VULN1"
"2019-06-26T20:32:57.008Z", "High", "VULN2"
"2019-06-26T20:32:57.008Z", "Meduim", "VULN3"
"2019-06-26T20:32:57.008Z", "Low", "VULN4"
"2019-06-26T20:32:57.008Z", "Low", "VULN5"
Doc 2: (the latest version of the same doc)
Recieved_at Risk
"2019-16-26T20:32:57.008Z", "High", "VULN1"
"2019-16-26T20:32:57.008Z", "Meduim", "VULN3"
"2019-16-26T20:32:57.008Z", "Low", "VULN4"
"2019-16-26T20:32:57.008Z", "Low", "VULN5"
The two documents are periodically generated from a vulnerability scanner, and they are related to the same target.
I've managed to parse and import those reports to ELK using Logstash filters, and now I'm looking for a way to create a visualization (risk dashboard) based on the latest generated report.
I tried to use the count metric, but I don't have control over the date/time parameter.
Is there any possibility to do that?