I am coming from a Splunk environment and I am struggling a little bit with the search syntax in Kibana. Are there Kibana equivalents to commands like stats?
For example when looking at intrusion prevention logs I would do "index=firepower | stats count by sig,dest_ip"
This would yield a list of the number of times that signature was seen at each unique destination ip. How can something similar be achieved with Kibana and ES?
You'll want to create a data table visualization, and select for metrics the unique count of signature, then select for buckets a terms aggregation on destination IP. Let me know if that works!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.