Kibana query help, find entries that occur on two different sites

Hi, I'm struggling to sort out how to get a query to work.

I have two sites sending logs via Filebeat into an ELK stack.
Each entry will have a field called "site" along with a bunch of log info (IP address, port, etc.).

What I'd like to do is have a query that shows IP addresses that appear at both sites, and how many times they hit the sites.
Example:
IP: 192.168.1.134
Port: 53
Site1 Count: 153
Site2 Count: 27

Any suggestions on how I could do this?

If I'm understanding you correctly, your site field is a nested field with a bunch of data inside?

If so, that'll make it hard to work with so I'd recommend splitting it up into individual fields.

If the formatting of your example is important to you, probably the best way to do it would be a markdown visualization which I think you can only create within Canvas. Otherwise, you can create a couple of metric visualizations for each count you're looking for.
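One way to express the query asked for in the original post, as an added example that is not part of the thread or of Elastic's own documentation: a terms aggregation on the IP with a sub-aggregation on site, filtered with a `bucket_selector` so only IPs with a bucket at both sites survive. It assumes the site value is indexed as a keyword field named `site`, the address in `source.ip` and the port in `source.port`; the `shared_ips` function is a local reference implementation of the same logic over constructed sample entries so the result can be checked offline.

```python
# Added example (not from the thread): build the Elasticsearch aggregation
# that lists IPs seen at both sites with per-site hit counts, plus a local
# reference implementation over constructed sample documents.
# Assumed field names: "site" (keyword), "source.ip" (ip), "source.port".
from collections import defaultdict


def build_query(ip_field="source.ip", site_field="site", max_ips=500):
    """Aggregation body to paste into Kibana Dev Tools (GET <index>/_search).

    terms on the IP -> sub-terms on site; the bucket_selector keeps only IPs
    whose site sub-aggregation produced two buckets (seen at both sites).
    """
    return {
        "size": 0,
        "aggs": {
            "by_ip": {
                "terms": {"field": ip_field, "size": max_ips},
                "aggs": {
                    "by_site": {"terms": {"field": site_field, "size": 2}},
                    "both_sites": {
                        "bucket_selector": {
                            "buckets_path": {"sites": "by_site._bucket_count"},
                            "script": "params.sites == 2",
                        }
                    },
                },
            }
        },
    }


def shared_ips(docs, sites=("site1", "site2")):
    """Reference implementation of what the aggregation returns:
    {ip: {site: count}} restricted to IPs present at every site."""
    counts = defaultdict(lambda: defaultdict(int))
    for d in docs:
        counts[d["ip"]][d["site"]] += 1
    return {ip: dict(c) for ip, c in counts.items()
            if all(s in c for s in sites)}


# Constructed sample log entries (not real data): one IP hits both sites,
# the other only site1 and must be excluded.
SAMPLE_DOCS = (
    [{"ip": "192.168.1.134", "port": 53, "site": "site1"}] * 3
    + [{"ip": "192.168.1.134", "port": 53, "site": "site2"}] * 2
    + [{"ip": "10.0.0.7", "port": 443, "site": "site1"}] * 4
)
# shared_ips(SAMPLE_DOCS) returns {'192.168.1.134': {'site1': 3, 'site2': 2}}
```

In the response, each `by_ip` bucket's `doc_count` is the total and the `by_site` sub-buckets give the per-site counts; raise `max_ips` if the index holds more distinct addresses than the terms size covers, since the selector only filters buckets that were collected.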
