Hello everyone,
Packet beats are really awesome, but I don't know how to calculate each IP address count per day,Avg requests per day,bit size,byte size with respect to IP in packet beats ?
These metrics are normally computed by query from elasticsearch. You planing to query elasticsearch youself, or do you want to create visualizations/dashbaords in kibana?
The packetbeat kibana dashboards do contain some sample dashboards and visualizations. You can click on edit button to figure out how they are build. In addition, kibana can show you the query executed for a particular query.
Thanks for your reply Steffens Siering,
Well,
I am new to #beats and #ELK stack and I have seen the kibana dashboard editing stuff, but I would like to make it dynamic visualisation(If it is kibana--static configuration, every time need to set up for avg.count from unique IP address etc) .But using ES(elastic search for dynamic ) seems to be work based on your reply,Could you please specify some tutorials - related to ES coding etc.Let me know if I understood wrongly.
The kibana docs contain a getting started: https://www.elastic.co/guide/en/kibana/current/index.html
When creating a visualization you can bind it to a search query. Plus, when viewing the dashboard you can dynamically reduce data by filtering in the search bar or use field filters.
Have you had a look at dashbaords shipped with packetbeat? Maybe they already contain the information you're interested in. Use discover to learn about structure and filter for events + apply filter to dashboard.
All dashboard state (actual dashbaord + filters) is stored in the URL. That is you can bookmark and share dashboards with filters applied.
Thanks for reply steffens, I will work out and let you guys know in this forum 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.