Compare difference in field over time

shong · July 12, 2018, 2:31pm

HI, I have been trying to figure this out for few days, and I am still confused whether I can do this in logstash or in elasticsearch.

I want to analyze a specific field (i.e. src_ip) and compare with src_ip on different date to display the new IPs that has not been shown yet based on user pick time (--1d | -2d...).

If there is more IPs or OS are detected display the new ones.
If there is less display removed ones.

How can I approach to get this value?

system · August 9, 2018, 2:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help to create a suspicious domains indicator (please)! Elasticsearch	2	352	August 2, 2018
Logstash issue Logstash	2	284	March 14, 2023
Trying to apply filter on time-difference scripted field Elasticsearch	2	963	February 27, 2018
【Logstash】 I want to calculate the difference of field value Logstash	2	455	December 4, 2019
Difference between two fields based on a field value filter Elasticsearch	1	700	November 18, 2019

Compare difference in field over time

Related topics