Counting results by a value

We store our load balancer logs in Elasticsearch and use Kibana for querying.

In Kibana - Discover I can add a filter for IP address which will display the IP address from each request. But is it possible to just count each unique value so we can identify the number of requests per IP address? I figure this should be very straightforward but I cannot work out how to do it. I was expecting there to be a count() or similar function.

Hello. The API query for unique values would look like this

GET your-index/_search
{
  "size" : 0,
  "aggs" : {
    "my-agg" : {
      "cardinality": {
        "field" : "ipAddress"
      }
    }
  }
}

I know you're asking to do this in Discover, and I struggle with this as well. You can do a terms lens visual but it only shows the "top N" where you can set N but not up to a huge number since that's difficult to visualize.

Curious if / when you get the answer to this.
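An added example, not part of the thread or any poster's code: the cardinality query above returns how many distinct addresses there are, while a request count per address needs one bucket per value. This sketch pages through a composite aggregation so it is not limited to a "top N"; `count_per_ip`, `fake_search` and the sample addresses are constructed here, and `search` is assumed to be any callable that sends the body to `your-index/_search` and returns the parsed JSON.

```python
import json
from collections import Counter

FIELD = "ipAddress"  # field name as written in the post above

def build_query(after_key=None, page_size=1000):
    """Composite aggregation body: one bucket per distinct FIELD value."""
    composite = {"size": page_size,
                 "sources": [{"ip": {"terms": {"field": FIELD}}}]}
    if after_key is not None:
        composite["after"] = after_key  # resume after the last bucket seen
    return {"size": 0, "aggs": {"per_ip": {"composite": composite}}}

def count_per_ip(search, page_size=1000):
    """Page through every bucket and return a Counter of requests per IP."""
    counts, after_key = Counter(), None
    while True:
        agg = search(build_query(after_key, page_size))["aggregations"]["per_ip"]
        for bucket in agg["buckets"]:
            counts[bucket["key"]["ip"]] += bucket["doc_count"]
        after_key = agg.get("after_key")
        if not agg["buckets"] or after_key is None:
            return counts  # an empty page means every bucket has been read

# Constructed sample: one entry per logged request (documentation addresses).
SAMPLE_DOCS = ["203.0.113.7"] * 5 + ["198.51.100.23"] * 2 + ["192.0.2.10"]

def fake_search(body):
    """Offline stand-in for the cluster: answers the query from SAMPLE_DOCS."""
    comp = body["aggs"]["per_ip"]["composite"]
    totals = Counter(SAMPLE_DOCS)
    keys = sorted(totals)
    if "after" in comp:
        keys = [k for k in keys if k > comp["after"]["ip"]]
    page = keys[:comp["size"]]
    agg = {"buckets": [{"key": {"ip": k}, "doc_count": totals[k]} for k in page]}
    if page:
        agg["after_key"] = {"ip": page[-1]}
    return {"aggregations": {"per_ip": agg}}

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))  # body to send to _search
    for ip, n in count_per_ip(fake_search, page_size=2).most_common():
        print(f"{n:6d}  {ip}")
```

Sorting the result with `most_common()` puts the busiest source addresses first, which is usually the view wanted when reviewing load balancer traffic.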

Hi @user-27022024 Welcome to the community.

What version Kibana are you on?

Depending on what version you are on, this can be very simple, like click and see the distribution.

In Discover you should just be able to click on the field's name in the field list and it will show you a percentage breakdown.

If you click on Visualize, it will create a chart; just change horizontal to like top 25.
This is a bar chart, but you can do Table, Pie Chart, etc.
