Hi,
@timroes
Thanks in advance.
I want to filter all the events with same source ip and destination ip's with different port numbers in a time interval of 15minutes.
srcip,dstip,dstport are the field names.
Can you please help me to achieve this.
Please let me know any of the options like visualization charts,searches or alert methods.
You could create a scripted field that could then be easily filtered on.
doc['srcip'].value == doc['dstip'].value && doc['srcport'].value != doc['dstport'].value
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.