Hello there!
I am migrating from Sumo Logic to ELK and I am struggling to create the same or similar panels for a dashboard I am working on.
I am analyzing firewall logs and would like to create a table of the top ten blocked IP addresses and their occurrence count. I figured out how to do that using a Data Table visualization. However, I am struggling to add additional columns for context like I was able to do in Sumo Logic. For example, I want to add columns for country and city based on geoip (all my events have geoip fields through the geoip plugin, and of course each aggregate row has the same geoip info since my aggregation is based upon the IP address field), but I can't seem to find a way to build anything like it.
ELK and Sumo Logic work very differently and I am new to ELK. I welcome any advice you might have.
For your reference, I attached a screenshot of my Sumo Logic dashboard panel that I am trying to emulate in Kibana.
Thank you all!
Cheers.
Volker
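As an added illustration (not part of Volker's post), the table described above expressed as an Elasticsearch aggregation: a Terms bucket on the source IP, with "Split rows" sub-buckets on the geoip fields supplying the country and city columns. Because every event for a given IP carries the same geoip values, the sub-buckets add columns without multiplying rows. The field names `src_ip`, `action`, `geoip.country_name` and `geoip.city_name`, and the sample events, are assumptions constructed for this example.

```python
from collections import Counter

# Constructed sample events, shaped like Logstash geoip-enriched firewall logs.
# Field names (src_ip, action, geoip.country_name, geoip.city_name) are assumptions.
EVENTS = [
    {"src_ip": "203.0.113.5", "action": "block", "geoip": {"country_name": "Testland", "city_name": "Alpha"}},
    {"src_ip": "203.0.113.5", "action": "block", "geoip": {"country_name": "Testland", "city_name": "Alpha"}},
    {"src_ip": "198.51.100.9", "action": "block", "geoip": {"country_name": "Examplia", "city_name": "Beta"}},
    {"src_ip": "192.0.2.77", "action": "allow", "geoip": {"country_name": "Examplia", "city_name": "Gamma"}},
    {"src_ip": "203.0.113.5", "action": "block", "geoip": {"country_name": "Testland", "city_name": "Alpha"}},
]

def top_blocked_query(size=10):
    """Aggregation body equivalent to a Kibana Data Table: Terms bucket on src_ip,
    then 'Split rows' sub-buckets on the geoip fields. Each IP resolves to exactly one
    country/city, so the sub-buckets add columns without multiplying rows."""
    return {
        "size": 0,
        "query": {"term": {"action": "block"}},
        "aggs": {"by_ip": {"terms": {"field": "src_ip", "size": size},
                 "aggs": {"country": {"terms": {"field": "geoip.country_name", "size": 1},
                          "aggs": {"city": {"terms": {"field": "geoip.city_name", "size": 1}}}}}}},
    }

def flatten(response):
    """Turn the nested bucket response into flat table rows (ip, country, city, count)."""
    rows = []
    for ip_b in response["aggregations"]["by_ip"]["buckets"]:
        country_b = ip_b["country"]["buckets"][0]
        city_b = country_b["city"]["buckets"][0]
        rows.append({"ip": ip_b["key"], "country": country_b["key"],
                     "city": city_b["key"], "count": ip_b["doc_count"]})
    return rows

def simulate_response(events, size=10):
    """Offline stand-in for Elasticsearch: applies the same grouping to EVENTS so the
    flattening can be exercised without a cluster."""
    counts = Counter(e["src_ip"] for e in events if e["action"] == "block")
    geo = {e["src_ip"]: e["geoip"] for e in events}
    buckets = []
    for ip, n in counts.most_common(size):
        buckets.append({"key": ip, "doc_count": n,
                        "country": {"buckets": [{"key": geo[ip]["country_name"], "doc_count": n,
                                    "city": {"buckets": [{"key": geo[ip]["city_name"], "doc_count": n}]}}]}})
    return {"aggregations": {"by_ip": {"buckets": buckets}}}

if __name__ == "__main__":
    for row in flatten(simulate_response(EVENTS)):
        print(row)
```

Against a live cluster, `top_blocked_query()` is the body to send to `_search`, and `flatten()` consumes the real response in place of `simulate_response()`.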