Kibana - Table without time

Chloe_Boissavy · January 13, 2023, 9:54am

Hello,

I have Kibana 8.3.3.
I have firewall data so data with IP address.
In the same indices, I have list of IP address.
I would like to create a table with IP address from firewall (src IP) and compare it with the list of IP address.
Is it possible to create a table with first column firewall IP address, and second column list of IP address but this second column need to be independant of time.
So for example, first column we have src IP since 15 minutes and second column all the list of IP address.

Can you help me ?

Thanks.

Marco_Liberati · January 13, 2023, 10:04am

Hi @Chloe_Boissavy

can you mock up an example table with the desired result you are looking for?

Chloe_Boissavy · January 13, 2023, 10:52am

Hi Marco,

I imagine something like that :

So src are IP used since 15 minutes and listIP is just a IP address list but not influenced by time.

Thanks to your help.

Marco_Liberati · January 13, 2023, 10:54am

So all M entries in column 2 will be repeated for every column 1 entry?

Chloe_Boissavy · January 13, 2023, 10:58am

Yes it's that.

Marco_Liberati · January 13, 2023, 11:19am

Not sure that is possible. But what's the use case for repeating over and over the second column? Maybe there's another way/representation that can help on the specific comparing use case.

Chloe_Boissavy · January 13, 2023, 1:09pm

I am using the plugin kibana-enhanced-table and I try to compare IP in column "src" to each IP in column ListIP. If it's the same IP, in a new column we have "WARNING" if not "SAFE".

system · February 10, 2023, 1:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.