I am currently ingesting Apache logs through Filebeat via Logstash into ElasticSearch to create a data table in Kibana to display a list of all IP addresses which are trying to hit a certain resource.
E.g. in the Apache access log, show how many times a client IP has requested '/images'.
At the moment, I have this working via a filter on the request field and the table appears as:
IP address, Count
10.10.10.1, 16000
10.10.11.2, 14000
20.20.20.1, 16731
20.20.21.2, 1
As we have multiple sites hitting our Apache server though, is it possible to group the IP addresses and label them as a site name?
E.g. 10.10.10.1 and 10.10.11.2 = site 1
20.20.20.1 and 20.20.21.2 = site 2
So I could create a table like:
Site Name, Count
Site 1, 30000
Site 2, 16732
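One way to get the grouped table is to label each event with a site name in Logstash and let Kibana aggregate on that field instead of on the raw IP. The filter below is an added example, not configuration from the original post; it assumes the client address arrives in Filebeat's ECS field `[source][ip]` (older pipelines may use `[clientip]`) and that each site owns a /16 covering the addresses shown above.

```logstash
# Added example (not from the original post): tag each access-log event with a
# site name in Logstash so Kibana can aggregate on it instead of on raw IPs.
# Assumptions: the client address is in [source][ip] (Filebeat's ECS field;
# older pipelines may use [clientip]) and each site owns a /16 that covers the
# addresses shown in the question. Adjust the field name and ranges to fit.
filter {
  # Site 1: 10.10.10.1 and 10.10.11.2 both fall inside 10.10.0.0/16
  cidr {
    address   => [ "%{[source][ip]}" ]
    network   => [ "10.10.0.0/16" ]
    add_field => { "site_name" => "Site 1" }
  }
  # Site 2: 20.20.20.1 and 20.20.21.2 both fall inside 20.20.0.0/16
  cidr {
    address   => [ "%{[source][ip]}" ]
    network   => [ "20.20.0.0/16" ]
    add_field => { "site_name" => "Site 2" }
  }
  # Anything that matched no known range is labelled explicitly so it appears
  # as its own row in the table instead of silently dropping out of the
  # aggregation; unexpected traffic landing in this bucket is worth reviewing.
  if ![site_name] {
    mutate { add_field => { "site_name" => "unassigned" } }
  }
}
```

In Kibana, build the data table with a Terms aggregation on `site_name.keyword` (dynamic mapping gives the string field a keyword sub-field) while keeping the existing request filter on '/images'; the Count column then sums the per-IP counts into the per-site totals shown above.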