I'm new to the Elastic Stack. Please, I need a procedure for how to extract all the log source IPs and status if possible. For example, I have 10 Red Hat Linux servers integrated in Elastic with Auditbeat and I have 10 Windows servers integrated with Winlogbeat. How do I extract all these servers with hostname and status with last event?
Thanks in advance
Is there a particular format you're looking to export it into? One possible way is to query the dataset in the Discover app in Kibana and either share the link or export to CSV:
I don't need to export data; I need to extract the IPs of servers integrated in ELK and their status if possible.
What do you mean by extract?
Get all IP addresses for endpoints like PC / switch / servers ... without logs, only IP and time of last event.
You should be able to use Discover to see the data you need by selecting the relevant columns (i.e. ip and @timestamp) and the time range that you are interested in within the datepicker:
That will show only the fields in your document that you want to see.
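An added example, not part of the thread above: one way to get a single row per host (hostname, IPs, time of last event) instead of scrolling documents in Discover is a terms aggregation on `host.name` with a `max` on `@timestamp`. It assumes the Beats' default `add_host_metadata` processor populates `host.name` and `host.ip`, the default `auditbeat-*` and `winlogbeat-*` index names, and that "status" means "has reported within the last 15 minutes"; the response shown is a constructed sample.

```python
import json
from datetime import datetime, timedelta, timezone

# Body for: GET auditbeat-*,winlogbeat-*/_search
# host.name, host.ip and @timestamp are the ECS fields both Beats populate.
QUERY = {
    "size": 0,  # no log documents, only the aggregation
    "aggs": {
        "hosts": {
            "terms": {"field": "host.name", "size": 1000},
            "aggs": {
                "last_event": {"max": {"field": "@timestamp"}},
                "ips": {"terms": {"field": "host.ip", "size": 10}},
            },
        }
    },
}

# Constructed sample of the aggregation part of a _search response.
SAMPLE_RESPONSE = {
    "aggregations": {"hosts": {"buckets": [
        {"key": "rhel-01", "doc_count": 5120,
         "last_event": {"value": 1700000000000.0},
         "ips": {"buckets": [{"key": "10.0.0.11", "doc_count": 5120}]}},
        {"key": "win-07", "doc_count": 87,
         "last_event": {"value": 1699990000000.0},
         "ips": {"buckets": [{"key": "10.0.1.7", "doc_count": 87},
                             {"key": "fe80::1", "doc_count": 87}]}},
    ]}}
}

def summarize(response, now, stale_after=timedelta(minutes=15)):
    """Return one row per host: name, IPs, last event time, status."""
    rows = []
    for b in response["aggregations"]["hosts"]["buckets"]:
        # The max aggregation on a date field returns epoch milliseconds.
        last = datetime.fromtimestamp(b["last_event"]["value"] / 1000, tz=timezone.utc)
        # Assumption: "status" means "has the host reported recently".
        status = "active" if now - last <= stale_after else "silent"
        rows.append({"host": b["key"],
                     "ips": [ip["key"] for ip in b["ips"]["buckets"]],
                     "last_event": last.isoformat(),
                     "status": status})
    return rows

if __name__ == "__main__":
    print(json.dumps(QUERY, indent=2))
    now = datetime.fromtimestamp(1700000300, tz=timezone.utc)  # constructed "now"
    for row in summarize(SAMPLE_RESPONSE, now):
        print(row)
```

The printed `QUERY` can be pasted as the request body in Kibana Dev Tools; a host that has stopped sending events still appears as long as its last event falls inside the searched time range.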