Hi,
I'm new to the Elastic stack, and I'm trying to create a data table with the following information in a single line:
- date/hour/second of the started Win10 session
- date/hour/second of the ended Win10 session
- session duration (hour/second)
- hostname of the machine being used for the session
- IP of the machine
- OS of the machine
I'm using winlogbeat for this.
I tried to use bucket aggregation, transforms... But it's hard for me to understand everything, and the task looks a little hard for a beginner.
I successfully created this data table, but there are 2 problems:
Lines are separated by the event.action type "logged-in" and "logged-out", and I would like this information to be on the same line (with 2 rows). I would also like to have the session duration (calculated from end_session - start_session).
Has anyone already faced this problem? Does anyone know how to create this kind of data visualization?
Thanks for your answers,
Louis lelievre
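As an added example (not part of the post above, and not Elastic's own code), the following Python script shows the pairing the question asks for in two forms: a local function that joins "logged-in" and "logged-out" documents on the Windows logon id and computes the duration, and the body of an Elasticsearch transform (pivot) that does the same server-side. Field names are assumed from the ECS fields winlogbeat's security module emits (event.action, winlog.logon.id, host.name, host.ip, host.os.name); the sample events and index names are constructed placeholders.

```python
# Added example: pair winlogbeat "logged-in" / "logged-out" events into one
# session row per logon and compute the duration. Field names are assumed to
# match winlogbeat's security-module ECS output; the sample documents below
# are constructed, not real log data.
from datetime import datetime

# Constructed sample documents shaped like winlogbeat output.
SAMPLE_EVENTS = [
    {"@timestamp": "2023-03-01T08:00:00.000Z", "event": {"action": "logged-in"},
     "winlog": {"logon": {"id": "0x3e7a1"}}, "user": {"name": "alice"},
     "host": {"name": "WS01", "ip": ["10.0.0.5"], "os": {"name": "Windows 10 Pro"}}},
    {"@timestamp": "2023-03-01T09:30:15.000Z", "event": {"action": "logged-out"},
     "winlog": {"logon": {"id": "0x3e7a1"}}, "user": {"name": "alice"},
     "host": {"name": "WS01", "ip": ["10.0.0.5"], "os": {"name": "Windows 10 Pro"}}},
    # A logon with no matching logoff yet (session still open).
    {"@timestamp": "2023-03-01T10:00:00.000Z", "event": {"action": "logged-in"},
     "winlog": {"logon": {"id": "0x41c02"}}, "user": {"name": "bob"},
     "host": {"name": "WS02", "ip": ["10.0.0.9"], "os": {"name": "Windows 10 Enterprise"}}},
]


def _ts(value):
    """Parse the ISO-8601 timestamp winlogbeat writes into @timestamp."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def build_sessions(events):
    """Group events by winlog.logon.id and return one row per session.

    Each row carries start, end, duration_seconds (None while the session is
    still open), user, host name, first host IP and OS name. This is the
    local equivalent of the pivot returned by transform_definition()."""
    sessions = {}
    for doc in events:
        logon_id = doc["winlog"]["logon"]["id"]
        row = sessions.setdefault(logon_id, {
            "logon_id": logon_id, "user": doc["user"]["name"],
            "host": doc["host"]["name"], "ip": doc["host"]["ip"][0],
            "os": doc["host"]["os"]["name"],
            "start": None, "end": None, "duration_seconds": None,
        })
        action = doc["event"]["action"]
        if action == "logged-in":
            row["start"] = doc["@timestamp"]
        elif action == "logged-out":
            row["end"] = doc["@timestamp"]
        # Only a closed session (both ends seen) gets a duration.
        if row["start"] and row["end"]:
            row["duration_seconds"] = (_ts(row["end"]) - _ts(row["start"])).total_seconds()
    return sorted(sessions.values(), key=lambda r: r["start"] or "")


def transform_definition(source_index="winlogbeat-*", dest_index="win-sessions"):
    """Body for PUT _transform/<id>: one destination document per logon id,
    with min/max @timestamp as start/end and a bucket_script for the
    duration in seconds. Index names are placeholders."""
    return {
        "source": {
            "index": source_index,
            "query": {"terms": {"event.action": ["logged-in", "logged-out"]}},
        },
        "dest": {"index": dest_index},
        "pivot": {
            "group_by": {
                "logon_id": {"terms": {"field": "winlog.logon.id"}},
                "host": {"terms": {"field": "host.name"}},
                "ip": {"terms": {"field": "host.ip"}},
                "os": {"terms": {"field": "host.os.name"}},
            },
            "aggregations": {
                "start": {"min": {"field": "@timestamp"}},
                "end": {"max": {"field": "@timestamp"}},
                "duration_seconds": {"bucket_script": {
                    "buckets_path": {"start": "start.value", "end": "end.value"},
                    "script": "(params.end - params.start) / 1000",
                }},
            },
        },
    }


if __name__ == "__main__":
    for row in build_sessions(SAMPLE_EVENTS):
        print(row)
```

Two caveats worth keeping in mind with the transform variant: min/max collapse a logon that has no logoff yet into a row whose start and end are equal (duration 0 rather than empty), so the open-session case is only distinguishable in the local function; and grouping on host.ip means a host reporting several addresses yields one row per address.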