Kibana Visualization - combine filters

rmoat · February 11, 2020, 8:45pm

Hello,

I'm trying to combine two filters together for a visualization, but it is not functioning correctly at all.
I wanted to combine: winlog.event_id:4723 and winlog.keywords:"Audit Success". When I do that, I'm getting a count of 53 events.

So I created a column for winlog.event_id:4723 which has a count of 1.
And one more column for winlog.keywords:"Audit Success" which has a count of 6.

So, if it were working correctly, that first filter should show a count of 7.

I haven't really found any recent posts about this, and perhaps I'm searching for the wrong thing. Is there any way I can solve this issue?

See screenshot for what the visualization looks like:

vinu89 · February 12, 2020, 6:51am

As per my understanding you have to get a result with winlog event id:4728 and whose keywords are success.Remove whatever you have given in aggregation just set the Y axis to count and .Select Add filter which is on the top and put your first condition there

Then after this click on add filter and do the same with winlog.keywords:"Audit Success"

rmoat · February 12, 2020, 2:28pm

That's great, and that really was a very simple solution. Thank you for your help!

Topic		Replies	Views
Kibana need to combine results or change filter Kibana	2	478	July 6, 2017
Apply a filter to a count on the y-axis of a bar vizualization Kibana	2	569	December 22, 2020
Combine multiple views into one graph Kibana	2	1618	February 22, 2021
Filtering records in kibana based on conditions Kibana	11	1351	May 25, 2020
Is there any way to count two similar elements together in kibana visualization? Kibana	4	539	August 20, 2020

Kibana Visualization - combine filters

Related topics