I am looking for the best way to go about comparing data between some IPs. What I want to happen is that I only see an IP address if that IP appears on both specific days.
I can sort of do that in a bar graph. I make the X axis the IP and then sub buckets for the days, but data that only has one day is still showing.
I have 2 separate files uploaded into Elastic Stack. One of the Dates is for December and the other is for November, so maybe something basically saying:
if IP is in "December" and "November" then display on chart
Do you have a way you recommend I present the data as I generically described? (Kibana 4.5)
In the bar graph visualization for instance, I can type in the search bar
Date: 29-Nov-17 Date: 5-Dec-17
and that will display IPs from those two dates. I have the X axis with IPs, Y axis with Unique Count of the IPs, and a sub bucket with the dates. What I want to see is ONLY the IPs that appear on BOTH days.
As you can see there, some of the IPs along the bottom only show up on the one day while the ones with the green on the bottom and blue on the top represent the IP showing on both days. I'd like to only see the IPs that show up on both days.
As you can see in the image, there is one IP that hit on 4 days and 21 other addresses that hit in November and December. It also shows other IPs that have hits on one day and not the other, based on where the node is for that date.
If anyone has any questions about the chart, feel free to comment and I will reply when I can.
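The "only IPs seen on both days" filter described above can also be computed outside the chart. The following is an added example, not part of the original posts: it builds a search body that buckets by IP with a distinct-day count per bucket, then keeps only the IPs whose count covers every requested day. The field names `IP` and `Date`, the assumption that `Date` can be matched with the strings from the post, and the sample response are all constructed for illustration.

```python
import json

DAYS = ["29-Nov-17", "5-Dec-17"]  # the two dates quoted in the post


def build_request(days, ip_field="IP", date_field="Date", max_ips=10000):
    """Search body: one bucket per IP, each with the count of distinct days seen.

    ip_field / date_field are assumed names; adjust them to the index mapping.
    """
    return {
        "size": 0,  # only the aggregation is needed, not the hits
        "query": {"bool": {
            "should": [{"match": {date_field: d}} for d in days],
            "minimum_should_match": 1,
        }},
        "aggs": {"per_ip": {
            "terms": {"field": ip_field, "size": max_ips},
            "aggs": {"days_seen": {"cardinality": {"field": date_field}}},
        }},
    }


def ips_on_every_day(response, n_days):
    """Keep only the IPs whose bucket saw all n_days distinct dates."""
    buckets = response["aggregations"]["per_ip"]["buckets"]
    return sorted(b["key"] for b in buckets if b["days_seen"]["value"] >= n_days)


# Constructed response in the shape a terms + cardinality aggregation returns.
# Addresses are from the documentation ranges, not real data.
SAMPLE_RESPONSE = {"aggregations": {"per_ip": {"buckets": [
    {"key": "192.0.2.10", "doc_count": 14, "days_seen": {"value": 2}},
    {"key": "198.51.100.7", "doc_count": 9, "days_seen": {"value": 1}},
    {"key": "203.0.113.5", "doc_count": 3, "days_seen": {"value": 2}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_request(DAYS), indent=2))
    print(ips_on_every_day(SAMPLE_RESPONSE, len(DAYS)))
```

The resulting IP list can be used as a search filter so the bar chart shows only those addresses.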