Comparing data from csv (imported in Elastic) and indexed events in filters

radheraj1431 · March 18, 2018, 7:13am

Hello All,

We have imported some csv files in Elastic. Now we want to compare some event fields with the values of the fields in csv and use it in filter for various purpose.

For example, we have imported csv of domain user account names in ELasticSearch. We have integrated Windows Active directory with ELK and receiving authentication events in Elastic. Now we want to monitor the domain account users activities and need to compare user names from the csv imported in ELasticSearch. It is not feasible to put all the user name in OR condition and use in filter. So, we are thinking of comparing it from the csv.

Is there a way to accomplish this in Kibana?

Thanks.

dadoonet · March 18, 2018, 7:31am

Best thing to do is to enrich your events at index time.

system · April 15, 2018, 7:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding fields from csv to event that's a log Elasticsearch	2	603	July 5, 2017
Add field from csv to event log send by logstash Logstash	24	3384	April 13, 2017
Kibana Searches Using CSV file Kibana	2	1073	October 3, 2019
Import csv and match on column values Kibana	0	71	May 29, 2024
Data visualisation from different datasets Kibana	2	896	April 9, 2018

Comparing data from csv (imported in Elastic) and indexed events in filters

Related topics