Hi,
I am trying to create a visualization of the lowest package installed on multiple Hosts.
I am using osquery to get the package-list and send it via filebeat (it-compliance-pack). For example I have the following data.
Host | package- name | version |
-----------------------------------------
host1 | filebeat | 6.6.0 |
host2 | filebeat | 6.6.1 |
host3 | filebeat | 6.6.0 |
host4 | filebeat | 6.6.1 |
The output should look like this.
| packagename | minimal packet Version | count (hosts with lowest packages) |
-----------------------------------------------------------------------------
| filebeat | 6.6.0 | 2 |
What I tried to do:
Create: Data Table Visualization -> ... and than look at the screenshot:
In the screenshot you see, that I have 2 hosts. I filtered for the package "firefox". We can see that both have installed the newest version, but also that host1 has also installed an older version. We can also see the amount of times, a package was send.
I don’t know how to count the users only with the older version, so I get an output like this:
| packagename | minimal packet Version | count (hosts with lowest packages) |
-------------------------------------------------------------------------------------
| firefox | 61.0.1+build1-0ubuntu0.18.04.1 | 1 |
I hope you can help me with that.
kibana version: 6.6.0
elasticsearch version: 6.6.0
filebeat: 6.6.0