Hi, I'm new to the ELK stack and I'm looking for a way to filter my apache logs using an ip blocklist. There a way thru the Kibana GUI or I have to work directly on Logstash?
assuming your data was correctly indexed (clientip field from your apache logs should be of IP type) you then have two options:
-
in visualizations you can aggregate on ip range (so ips from one range go to one bucket, ips from some other ranges to other buckets). just go to visualize, choose your visualization (lets say pie), click on split slices and then select IPv4 range as aggregation type
-
filter your existing visualizations on IP ranges:
in the searchbox (where you have * at the moment to select all records) put a range filter on clientip field:
clientip:[1.168.1.100 TO 120.168.1.102]
So, I've to list all the IPs manually, is it not possible to use another index or a text file?
i guess you could use a text editor to properly format your blocks and then copy paste to kibana