I have indexed our firewall syslogs. I am wondering if it's possible to create a dashboard with text boxes that would apply filters. For example, there would be src_IP, dst_IP, src_Port, dst_Port, etc. boxes that would filter on any of the fields. If the text box was blank, it would act like an * for that field.
We don't have a UI like that, but you can achieve the same thing a couple different ways:
- You can type the queries you need into the query bar at the top, for example `src_IP:10.0.0.1` or whatever it is you need to search for. You can also leave all the fields there by using `*` as the query value, like `src_IP:* AND dst_IP:* AND ...`
- You can add filters for each of the fields you need, and enable/disable the fields as needed. You can also use the editor to change the values as needed.
This is from Kibana 5, but the interface is the same in 4.x, and I think the feature was added in 4.2 or 4.3.
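As an added illustration of the query-bar approach described in the answer above (example code, not from the original thread or from Kibana itself): a small Python helper that turns the contents of the hypothetical text boxes into a query-bar string, treating a blank box as `field:*`, and a local evaluator run over a few constructed firewall records so the behaviour of `field:*` can be checked offline. The field names `src_IP`, `dst_IP`, `src_Port`, `dst_Port` are taken from the question; the sample events and the `omit_blank` option are assumptions made for the example.

```python
# Build a Kibana/Lucene query-string from "text box" values and evaluate it
# locally against constructed sample records. Added example, not Kibana code.

import re

# Characters with special meaning in Lucene query-string syntax. Escaping them
# means a user-typed value is always matched literally, which is the safe
# default when the boxes are filled in by someone you do not fully trust.
LUCENE_SPECIAL = '+-=&|><!(){}[]^"~*?:\\/ '


def escape_lucene(value):
    """Backslash-escape query-string metacharacters in a user-typed value."""
    return "".join("\\" + ch if ch in LUCENE_SPECIAL else ch for ch in value)


def build_query(boxes, omit_blank=False):
    """Turn {field: box_text} into a query-bar string.

    Blank box -> 'field:*', as the thread suggests. Note that 'field:*' only
    matches documents in which the field exists; pass omit_blank=True to drop
    blank boxes entirely, which also matches records missing that field.
    Returns '*' when nothing constrains the search.
    """
    clauses = []
    for field, raw in boxes.items():
        value = raw.strip()
        if value:
            clauses.append(f"{field}:{escape_lucene(value)}")
        elif not omit_blank:
            clauses.append(f"{field}:*")
    return " AND ".join(clauses) if clauses else "*"


# Constructed sample firewall events (assumed shape after syslog ingestion).
SAMPLE_EVENTS = [
    {"src_IP": "10.0.0.1", "dst_IP": "8.8.8.8", "src_Port": 51000, "dst_Port": 53},
    {"src_IP": "10.0.0.1", "dst_IP": "93.184.216.34", "src_Port": 51001, "dst_Port": 443},
    {"src_IP": "10.0.0.2", "dst_IP": "8.8.8.8", "src_Port": 51002, "dst_Port": 53},
    {"src_IP": "10.0.0.3", "dst_IP": "8.8.8.8"},  # no ports, e.g. an ICMP record
]


def matches(query, event):
    """Evaluate the AND-only queries build_query() emits against one record.

    This mimics the relevant subset of query-string semantics: 'field:*'
    requires the field to be present, anything else is an exact match on the
    unescaped literal. It is a local check, not the Elasticsearch parser.
    """
    if query == "*":
        return True
    for clause in query.split(" AND "):
        field, _, pattern = clause.partition(":")
        if field not in event:
            return False
        if pattern == "*":
            continue
        literal = re.sub(r"\\(.)", r"\1", pattern)  # undo escape_lucene
        if str(event[field]) != literal:
            return False
    return True


def search(boxes, events=SAMPLE_EVENTS, omit_blank=False):
    """Return the sample events the text-box values would select."""
    query = build_query(boxes, omit_blank=omit_blank)
    return [e for e in events if matches(query, e)]


if __name__ == "__main__":
    boxes = {"src_IP": "", "dst_IP": "8.8.8.8", "src_Port": "", "dst_Port": ""}
    print(build_query(boxes))
    print(len(search(boxes)), "hits with field:* for blank boxes")
    print(len(search(boxes, omit_blank=True)), "hits with blank boxes omitted")
```

The difference between the two `search` calls is the caveat worth remembering when copying the `src_IP:* AND dst_IP:* AND ...` pattern into the query bar: the fourth sample record has no port fields, so it is found only when the blank boxes are left out of the query rather than turned into `field:*`.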
Thanks for the response. I was hoping to eventually create an aggregator that could combine multiple sources of logs and create a unified 'source_ip' field (instead of having to remember each identifier for each source). Is there a way to request this sort of functionality in the future?
Absolutely, feel free to open an issue in the repo. It's a neat idea for sure. Be sure to provide as much detail as possible.