I apologize if I don't use the proper terminology; I'm new to ELK. I've done a lot of searching on this, but haven't found the answer... it's so simple that I'm sure I'm just not using the right terminology or it's Kibana 101.
I have two inputs in Logstash, one with some firewall logs and one with some IP addresses. I want a list in Kibana of IPs that are only in both logs.
I've used grok filters to make the IP field names the same for both log files (src_ip) and I've tried making them different per log file (src_ip1 & src_ip2), but I can't figure out how to say "give me a list of only the IP addresses that are in both of these log files".
I'm surprised that there isn't some "src_ip1" == "src_ip2" search for data IN Kibana. If I copy the src_ip2 data and paste it into the search box in Kibana, that works... but there are thousands of src_ip2 IP addresses.
Is there a way to search data that isn't in Kibana? Like search a lookup table or something?
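An offline illustration of the lookup-table idea from the question, added here as an example (not the poster's code or a Logstash configuration): the second input becomes a dictionary, each firewall event is tagged with whether its src_ip is in it, and the distinct tagged IPs are the intersection. The log lines, the IP list and the grok-style pattern are constructed.

```python
import re
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample input (not from the original post): a few firewall log
# lines and a short IP list, standing in for the two Logstash inputs.
FIREWALL_LOGS = [
    "2024-01-10T10:00:01 fw1 ACCEPT src=203.0.113.5 dst=10.0.0.8 proto=tcp dpt=443",
    "2024-01-10T10:00:02 fw1 DROP src=198.51.100.20 dst=10.0.0.8 proto=tcp dpt=22",
    "2024-01-10T10:00:03 fw1 ACCEPT src=192.0.2.77 dst=10.0.0.9 proto=udp dpt=53",
    "2024-01-10T10:00:04 fw1 DROP src=198.51.100.20 dst=10.0.0.8 proto=tcp dpt=23",
    "2024-01-10T10:00:05 fw1 line with no source field",
]
IP_LIST_LOGS = ["198.51.100.20", "192.0.2.77", "203.0.113.250"]

# Regex equivalent of a grok pattern such as "src=%{IP:src_ip}" (constructed).
SRC_IP_RE = re.compile(r"\bsrc=(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_src_ip(line: str) -> Optional[str]:
    """Return the src_ip field for one firewall line, or None if absent."""
    m = SRC_IP_RE.search(line)
    return m.group("src_ip") if m else None


def build_lookup(lines: Iterable[str]) -> Set[str]:
    """Turn the IP-list input into a lookup table: the 'dictionary' that a
    filter-stage lookup would consult for every firewall event."""
    return {ln.strip() for ln in lines if ln.strip()}


def enrich(lines: Iterable[str], lookup: Set[str]) -> List[Dict[str, str]]:
    """One event per firewall line that has a src_ip, plus an added
    in_ip_list field; lines without the field are skipped (in Logstash
    they would carry a _grokparsefailure tag instead)."""
    events = []
    for line in lines:
        ip = extract_src_ip(line)
        if ip is None:
            continue
        events.append({"src_ip": ip, "in_ip_list": "yes" if ip in lookup else "no"})
    return events


def ips_in_both(firewall_lines: Iterable[str], ip_list_lines: Iterable[str]) -> List[str]:
    """Distinct src_ip values present in both inputs, sorted."""
    lookup = build_lookup(ip_list_lines)
    hits = {e["src_ip"] for e in enrich(firewall_lines, lookup) if e["in_ip_list"] == "yes"}
    return sorted(hits)


if __name__ == "__main__":
    print(ips_in_both(FIREWALL_LOGS, IP_LIST_LOGS))
```

In Kibana the same result is a filter on the added field (in_ip_list:yes) rather than a cross-index join, which is why the intersection has to be computed at ingest time.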