How to filter with a few values?

I have this filter, but it searches for just one IP. How do I add another IP to search, e.g. "bb.bb.bbb.bb"?
Is it possible?

{
  "query": {
    "match": {
      "ip": {
        "query": "xx.xxx.xxx.xxx",
        "type": "phrase"
      }
    }
  }
}

In the filter editor UI, use the "is one of" option.

OK, but how to do it when we have e.g. 50 values to filter? Copy/paste doesn't work.

Yeah, there isn't a great way to do that at the moment. You can click "Edit Query DSL" and modify the JSON with copy/paste, but that's not ideal. Please feel free to open an enhancement request on our GitHub repo.

Thanks! Can we filter without duplicates? I have a few records with the same IP, and I need to filter without duplicate IPs. Can we do this?

Sorry, I'm not sure what you mean exactly, can you elaborate?

When I use the filter "IP", Kibana finds me e.g. 100 logs.
The logs have different values, but some logs have the same IP.
I just need to use some filter because I would like to see logs without duplicate IPs.

So you'd only like to see documents that contain an IP that is unique to that single document?

If my understanding of the question is correct, this is a tough one to solve. There isn't a good way to automatically filter out duplicates. Depending on your data and use case, you might be able to first create a visualization with a terms agg on the IP field and a min_doc_count of 2. This would find all the IPs that appear more than once. You could then grab all those IPs and manually create a filter that filters them out. It's not a great solution, but maybe it could work for you.

In the future we'd like to enhance Kibana so that it could do these types of multi-step queries automatically.
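Added example, not part of the original thread and not Elastic's code: a Python sketch that generates the JSON to paste under "Edit Query DSL" for a long IP list, and that builds the exclusion filter for the two-step duplicate workaround described above. The function names, the aggregation name `dups`, and the sample data are assumptions made for illustration; `match_phrase` is the current spelling of the `match` with `"type": "phrase"` query shown in the question.

```python
import ipaddress
import json

def one_of_query(field, values):
    """Query DSL matching documents whose `field` equals any of `values`."""
    seen, clauses = set(), []
    for raw in values:
        # Validate pasted input; ip_address raises ValueError on a malformed entry.
        ip = str(ipaddress.ip_address(raw.strip()))
        if ip not in seen:  # drop repeated entries in the pasted list
            seen.add(ip)
            clauses.append({"match_phrase": {field: ip}})
    return {"bool": {"should": clauses, "minimum_should_match": 1}}

def duplicates_agg(field, max_buckets=1000):
    """Step 1: terms aggregation returning values present in 2+ documents."""
    return {"size": 0, "aggs": {"dups": {"terms": {
        "field": field, "min_doc_count": 2, "size": max_buckets}}}}

def exclude_duplicates_query(field, response):
    """Step 2: filter that removes every value reported by step 1."""
    agg = response["aggregations"]["dups"]
    # sum_other_doc_count > 0 means buckets were cut off by `size`,
    # so the exclusion list would be incomplete.
    if agg.get("sum_other_doc_count", 0) > 0:
        raise ValueError("aggregation truncated; raise max_buckets")
    keys = [bucket["key"] for bucket in agg["buckets"]]
    if not keys:
        return {"match_all": {}}
    return {"bool": {"must_not": [one_of_query(field, keys)]}}

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_IPS = ["192.0.2.10", "198.51.100.7", " 192.0.2.10 ", "203.0.113.5"]
SAMPLE_AGG_RESPONSE = {"aggregations": {"dups": {
    "sum_other_doc_count": 0,
    "buckets": [{"key": "192.0.2.10", "doc_count": 3},
                {"key": "203.0.113.5", "doc_count": 2}]}}}

if __name__ == "__main__":
    print(json.dumps({"query": one_of_query("ip", SAMPLE_IPS)}, indent=2))
    print(json.dumps(duplicates_agg("ip"), indent=2))
    print(json.dumps(
        {"query": exclude_duplicates_query("ip", SAMPLE_AGG_RESPONSE)}, indent=2))
```

The second function's output is sent to Elasticsearch as a search body; its response is what the third function consumes.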
