Hello all!
I have some questions about my ELK + Packetbeat solution. I'm using Packetbeat to collect statistics about my servers. Packetbeat has a very good visualization called "network traffic between my hosts" where I can show src/dst IP, port and protocol statistics for current connections. But I began to notice that not all connections fall into this visualization. What can be done about this?
And then I decided to get statistics about connections through "Discover" in Kibana. I entered an IP address filter like "*xx.xx.xx.xx" and chose a time period of one week. I got full statistics, but it is too hard for viewing and analytics. Can I apply some filter which will exclude identical lines? For example, in the output there can be 1000 identical lines about a connection from IP A to IP B. It isn't impossible for analytics.