Hi, i'm looking to do correlation searches in elastic (kibana 4.4 actually) is there a way to have a search like the following - 1 - find all ip addresses from a certain type (lets say from critical stack intel, via filebeat to logstash and elastic) 2 - find all outgoing connections with bro ids …

muhamadli302 (Muhamadli302) July 13, 2016, 11:25am 2

I have a similar problem, would be happy to get some advice

Topic		Replies	Views
Logstash elasticsearch filter plugin Logstash	2	582	July 6, 2017
Enrich existing elasticsearch index with new fields from logstash Logstash	2	752	January 29, 2017
Correlate field Elasticsearch	4	1248	May 18, 2017
Search query problem Elasticsearch	11	532	July 6, 2017
Enrichment with recent logs Logstash	5	699	April 20, 2019

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Event Correlation \ populate one field with data from other field in elasticsearch

Related topics