Hello! Thanks for help in advance.
I have a pretty big index about 80+ Gib of data containing multiple fields, such as ip addresses, time, requests, etc.
And I need to make a search of around 1000 unique addresses in this index from Kibana to visualise this data. Is there a proper way to do it instead of search like "ip:x.x.x. OR ip:y.y.y.y OR ip:z.z.z.z thousand times?"
Does this list of addresses you want to identify change over time?
Yes, it is. For future searches I can use enrich processor with ingest pipeline, but with historical search I have problems.
Maybe a runtime field with a lookup?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.