Hello everyone, I have something looking as a trouble in my Kibana, so I need to ask about searching in Kibana.
I want to make search by ip in Kibana search string, I have "destination.ip" field in IP format and "destinationip" field in string format:
First field was added to index pattern that I uploaded to elastic by curl -X POST, and second appeared when I added data to elastic, but it hasn't field in index pattern
If I try search ip in search string I recieve next null result:
If I search as "destinationip:[IP]" I recieve this not null result:
If I search as "destination.ip:[IP]" I recieve this not null result:
So, my question is: Is it possible to make search typing ONLY ip addres in search string, without any keywords? If yes, what I should do? If I add "destinationip" in index pattern and put it in to elastic by curl POST command I will be able to make search this way?
For example it's works for event.type string field that added to index pattern :
"destinationip" string field too, but this type of search doesn't work for it, maybe because it not added to index pattern