First of all, sorry in advance for my English; it's not my native tongue, I'm French.
I face a rather intriguing problem with the way I should handle my data in Elasticsearch.
I use masscan to scan some IP addresses. I set it up to give me results on open ports with this format (one port per line):
open tcp 22 10.0.0.1
open tcp 23 10.0.0.1
I'm satisfied with my Logstash pipeline and my mapping in Elasticsearch.
Now I want to do a pie chart in Kibana on, for example, the percentage of port 22 that are open.
But since masscan only sends me results on open ports, Kibana has no idea how many ports in total were scanned.
Does that mean I have no choice but to force masscan to give me an output for every single port it scanned?
Thanks for your answers, and do not hesitate to tell me if I wasn't clear enough.
ELK + Filebeat 5.4.0 on Ubuntu 16.04
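
The denominator problem described in the post above, as an added example that is not part of the original post: it parses lines in the post's `open tcp <port> <ip>` format and derives the total from the scan's own target ranges, producing one summary document per port with open and not-open counts that a pie chart can split on. The ranges, sample lines and field names (`open_hosts`, `not_open_hosts`, `scanned_hosts`, `open_pct`) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the post's one-port-per-line format,
# including a repeated line and a comment line.
SAMPLE_LINES = """\
open tcp 22 10.0.0.1
open tcp 23 10.0.0.1
open tcp 22 10.0.0.2
# constructed comment line
open tcp 22 10.0.0.2
"""

# Assumption: the ranges handed to the scanner, known to the operator.
# Ranges are assumed not to overlap.
SCANNED_RANGES = ["10.0.0.0/29"]


def total_targets(ranges):
    """Number of addresses covered by the scanned ranges (the denominator)."""
    return sum(ipaddress.ip_network(r, strict=False).num_addresses for r in ranges)


def open_hosts_by_port(text):
    """Map (proto, port) -> set of hosts reported open; repeated lines collapse."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open":
            continue  # skip comments, blanks and non-open statuses
        proto, port, ip = fields[1], int(fields[2]), fields[3]
        hosts[(proto, port)].add(ipaddress.ip_address(ip))
    return hosts


def port_summary(text, ranges):
    """One summary document per port, carrying both slices of the pie."""
    total = total_targets(ranges)
    docs = []
    for (proto, port), ips in sorted(open_hosts_by_port(text).items()):
        n = len(ips)
        docs.append({"proto": proto, "port": port, "open_hosts": n,
                     "not_open_hosts": total - n, "scanned_hosts": total,
                     "open_pct": round(100.0 * n / total, 2)})
    return docs


if __name__ == "__main__":
    for doc in port_summary(SAMPLE_LINES, SCANNED_RANGES):
        print(doc)
```
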