Kibana: find IP addresses that are in two different indexes

stcdarrell · June 20, 2020, 12:29am

hi, i'm having trouble wrapping my head around the best way to query kibana. I have indexes lets just say:
Index-Business1-firewall-Logs
Index-Business2-filewall-Logs

i have a kibana Index Pattern that is Index-Business*, so both businesses firewall data is displayed
i have fields for source and destination IP's. [source][ip] and [destination][ip]

i need a query to find what destination ips are in BOTH indexes.

basically:
[destination][ip]:* AND (_index: Index-Business1-firewall-Logs AND Index-Business2-firewall-Logs)

but that doesnt seem to work.. any suggestions?

to make it even fancier.. i'd love to limit the source address to an internal address and do the same search.. so:
([source][ip]: 172.) AND [destination][ip]: AND (_index: Index-Business1-firewall-Logs AND Index-Business2-firewall-Logs)

thank you
Darrell

mattkime · June 25, 2020, 1:46am

If you have an index pattern that covers multiple indices then something like destination.ip : *

If you're still having trouble it might be helpful to show a screenshot of the searchbar.

system · July 23, 2020, 1:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Make two indexes which different fields communicate Kibana	4	407	May 24, 2021
Match Field Contents Kibana	3	721	July 6, 2017
Kibana query help, find entries that occur on two different sites Kibana	2	243	September 17, 2020
[Kibana 7.10] How to search from all Index Patten Kibana	4	269	October 7, 2021
Question About search in Kibana Kibana	2	280	November 26, 2020

Kibana: find IP addresses that are in two different indexes

Related topics