Help about Kibana

Hi Professionals,

I just took a course about ELK, right now I was asked to analyze log data (source_ip, destination_ip and messages information in the log document)
the question is that Which outside IP is coming into our local IP.

Any ideas?

Thanks

Mary

Could you share the log data which you are trying to analyze?

How can I export my search result?

when I export saved object in Kibana, I got this file and no data:
[
{
"_id": "7e9080f0-1204-11ea-b236-cd2ec6489a2c",
"_type": "search",
"_source": {
"title": "marysearch",
"description": "",
"hits": 0,
"columns": [
"message",
"destination_ips",
"source_ips"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{"index":":logstash-","highlightAll":true,"version":true,"query":{"language":"kuery","query":""},"filter":}"
}
}
}
]

I want to get all results: only outside IPs talk to internal IPs (No internal IPs visit internal IPs)
{
"query": {
"bool": {
"must_not": [
{
"multi_match": {
"query": "10.",
"field": [
"source_ip",
"destination_ip"
]
}
}
]
}
}
}

But not working (10.xx.xx means internal IPS)

How do you ingested the logs?
can you share the raw logs?

Logs data are from Security Onion

I can send 10 samples raw data, but I can not send word file

Simply a snapshot of the logs would do, remove any sensitive information on the same