Hi, I have been trying to figure this out for a few days, and I am still confused about whether I can do this in Logstash or in Elasticsearch.
I want to analyze a specific field (i.e. src_ip) and compare it with src_ip on a different date to display the new IPs that have not been seen yet, based on the user-picked time (--1d | -2d...).
If there are more IPs or OSes detected, display the new ones.
If there are fewer, display the removed ones.
How can I approach getting this value?
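One way to compute the new and removed values between two time windows, as an added example that is not part of the original post: it builds an Elasticsearch terms-aggregation request per window, diffs the bucket keys, and flags the result as incomplete when the aggregation was truncated. The field names `src_ip` and `@timestamp` and the sample responses are assumptions.

```python
# Added example (not from the original post): diff the distinct src_ip values
# seen in two time windows and report the new and removed ones. Field names
# (src_ip, @timestamp) and the sample aggregation responses are assumptions.

def window_query(field, gte, lt, size=10000):
    """Search body enumerating distinct `field` values whose @timestamp falls
    in [gte, lt). gte/lt may use Elasticsearch date math, e.g. "now-2d"."""
    return {
        "size": 0,  # only the aggregation is needed, not the hits
        "query": {"range": {"@timestamp": {"gte": gte, "lt": lt}}},
        "aggs": {"values": {"terms": {"field": field, "size": size}}},
    }

def queries_for(field, lookback="1d", window="1d"):
    """Current window [now-window, now) vs. a baseline window of the same
    length ending `lookback` ago; a user-supplied "-1d" is normalised to "1d"."""
    lb = lookback.lstrip("-")
    current = window_query(field, f"now-{window}", "now")
    baseline = window_query(field, f"now-{lb}-{window}", f"now-{lb}")
    return baseline, current

def bucket_keys(response):
    """Extract the distinct values from a terms-aggregation response. Returns
    (keys, complete): complete is False when the aggregation was truncated
    (sum_other_doc_count > 0), in which case any diff is unreliable."""
    agg = response["aggregations"]["values"]
    keys = {b["key"] for b in agg["buckets"]}
    return keys, agg.get("sum_other_doc_count", 0) == 0

def diff_values(baseline_response, current_response):
    """New values = in current but not in baseline; removed = the reverse."""
    base, base_ok = bucket_keys(baseline_response)
    cur, cur_ok = bucket_keys(current_response)
    return {
        "new": sorted(cur - base),
        "removed": sorted(base - cur),
        "complete": base_ok and cur_ok,
    }

def _sample(keys, other=0):
    """Constructed aggregation response shaped like Elasticsearch's output."""
    return {"aggregations": {"values": {
        "sum_other_doc_count": other,
        "buckets": [{"key": k, "doc_count": 1} for k in keys]}}}

# Constructed sample data: yesterday's baseline vs. today's current window.
BASELINE = _sample(["10.0.0.5", "10.0.0.7", "203.0.113.9"])
CURRENT = _sample(["10.0.0.5", "198.51.100.4", "203.0.113.9"])
```

Send the two bodies from `queries_for` to the index's `_search` endpoint and pass the responses to `diff_values`; when `complete` is False, raise the terms `size` or switch to a composite aggregation before trusting the diff.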