I am very new to ELK and am probably jumping into the deep end, but I have set up an ELK server to take in the logs from our firewall. It is doing just that without issue (using NetFlow and syslog for now). My problem is with visualizations. First, my complaint: I find all of these people online who created awesome visualizations for monitoring network devices, but there is not a how-to for any of them. So I am milling my way through it.
My problem: I am trying to display a table of the top 5 unique denied IP addresses at any time on the router. Right now the table shows the IP address (from GeoIP) and the count. I would like it to have some additional data such as GeoIP location. This could help when determining if my firewall is being scanned/attacked as well as just provide me some additional detail for my dashboard. Is there a way to add a field to a data table?
Thanks,
Brad
(the very new guy)