Help about Kibana

Hi Professionals,

I just took a course about ELK. Right now I was asked to analyze log data (source_ip, destination_ip and message information in the log document).
The question is: which outside IP is coming into our local IP?

Any ideas?

Thanks

Mary

Could you share the log data which you are trying to analyze?

How can I export my search result?

When I export a saved object in Kibana, I get this file and no data:
[
  {
    "_id": "7e9080f0-1204-11ea-b236-cd2ec6489a2c",
    "_type": "search",
    "_source": {
      "title": "marysearch",
      "description": "",
      "hits": 0,
      "columns": [
        "message",
        "destination_ips",
        "source_ips"
      ],
      "sort": [
        "@timestamp",
        "desc"
      ],
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\":logstash-\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"
      }
    }
  }
]

I want to get all results where only outside IPs talk to internal IPs (no internal IPs visiting internal IPs):
{
  "query": {
    "bool": {
      "must_not": [
        {
          "multi_match": {
            "query": "10.",
            "fields": [
              "source_ip",
              "destination_ip"
            ]
          }
        }
      ]
    }
  }
}

But it is not working (10.xx.xx means internal IPs).
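One way to express the stated goal (external source talking to an internal destination), as an added example that is not from the thread: a substring match on `10.` in either field drops every document that touches a 10.x address in either direction, whereas CIDR term queries on `ip`-typed fields let the two directions be separated. The field names `source_ip` and `destination_ip` come from the thread; the 172.16/12 and 192.168/16 ranges, the `ip` field mapping and the sample documents are assumptions.

```python
import ipaddress
import json

# RFC 1918 ranges. The thread only names 10.x as internal; the other two are assumed.
INTERNAL_CIDRS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
_INTERNAL_NETS = [ipaddress.ip_network(c) for c in INTERNAL_CIDRS]

# Constructed sample documents (not Security Onion output), shaped like the
# columns named in the thread.
SAMPLE_DOCS = [
    {"source_ip": "203.0.113.7", "destination_ip": "10.1.2.3", "message": "conn"},
    {"source_ip": "10.1.2.3", "destination_ip": "10.1.2.9", "message": "conn"},
    {"source_ip": "10.1.2.3", "destination_ip": "198.51.100.4", "message": "conn"},
    {"source_ip": "198.51.100.4", "destination_ip": "192.168.0.5", "message": "conn"},
]


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the internal CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _INTERNAL_NETS)


def inbound_external_query() -> dict:
    """Elasticsearch query DSL: destination internal AND source not internal.
    Assumes both fields are mapped as type 'ip', which makes term queries
    accept CIDR notation."""
    dest_internal = {
        "bool": {
            "should": [{"term": {"destination_ip": c}} for c in INTERNAL_CIDRS],
            "minimum_should_match": 1,
        }
    }
    return {
        "query": {
            "bool": {
                "filter": [dest_internal],
                "must_not": [{"term": {"source_ip": c}} for c in INTERNAL_CIDRS],
            }
        }
    }


def inbound_external(docs):
    """The same predicate applied locally, to sanity-check the query logic on samples."""
    return [d for d in docs
            if is_internal(d["destination_ip"]) and not is_internal(d["source_ip"])]


def external_sources(docs):
    """Distinct outside addresses that reached an internal address, sorted."""
    return sorted({d["source_ip"] for d in inbound_external(docs)})


if __name__ == "__main__":
    print(json.dumps(inbound_external_query(), indent=2))
    print(external_sources(SAMPLE_DOCS))
```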

How did you ingest the logs?
Can you share the raw logs?

Logs data are from Security Onion

I can send 10 samples of raw data, but I cannot send a Word file.

Simply a snapshot of the logs would do; remove any sensitive information from it.
