Hello There All,
This is my first post. I fully admit that I am a total newb to Kibana. Up until this past month I was only using it to view data that we have. But I am slowly starting to be tasked with making up new visualizations and saved searches to display our logs in better ways. I have been able to "cheat" some up to this point, i.e., use other saved searches or visualizations and modify them for our purposes. If someone posts a response with just code I will stare at the screen and just get a blank look. LOL. So please, can someone kindly help a total newb with the following in a way that I might be able to follow along?
Right now I have a saved search that displays beat.hostname and a @timestamp. But it displays every time that a log is sent from each hostname. The data that I want to be able to show is this.
Only the most recent log that each host sends. My purpose is to make sure that the systems are sending out logs correctly. That the PCs sending out the logs aren't turned off, or are not logging correctly, but that they are shipping logs as they should be. So, right now I am having to comb through a long list that shows the same host tons of different times instead of just being able to go down checklist style and being able to easily see which, if any, PCs are not sending logs.
Is there a way... that some kind person can explain ABC style to me... of how to do this? I thank you in advance!