Hi all, new to Elasticsearch, primarily use Splunk. I'm looking to generate stats for some queries. For example:
EVENTNAME:"Prevent DLLs from jumping over rainbows"
In Splunk if I wanted to see all event names captured in logs for a certain index, at a high level I would do:
index=endpointsecurity (for example) | stats count by EVENTNAME
And a stats table would be presented with all event names observed over the last x amount of time for endpoint security logs, along with a "count" column showing how many times each event name was observed. Did some research and couldn't find out if this is possible in Elasticsearch / Lucene. Any help is appreciated.
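For reference, the closest Elasticsearch equivalent of `stats count by EVENTNAME` is a `terms` aggregation. The script below is an added example, not code from the original post; it assumes an index named `endpointsecurity`, an `@timestamp` field, and that EVENTNAME is mapped as text with a `.keyword` sub-field (Elasticsearch's default dynamic mapping), and the response it parses is constructed.

```python
"""Build a Splunk-style `stats count by <field>` as an Elasticsearch terms
aggregation and flatten the response into a stats table. Added example with
assumed index/field names (see lead-in); the sample response is constructed."""
import json


def stats_count_by(field: str, last: str = "24h", size: int = 100) -> dict:
    """Request body for `stats count by <field>` over the last `last` (e.g. 24h, 7d).
    Unlike Splunk, Elasticsearch returns only the top `size` values by count and
    reports everything else in sum_other_doc_count, so pick `size` deliberately."""
    return {
        "size": 0,  # hits are not needed, only the aggregation
        "query": {"range": {"@timestamp": {"gte": f"now-{last}"}}},
        "aggs": {
            "by_field": {
                "terms": {
                    "field": f"{field}.keyword",  # exact value, not the analysed text
                    "size": size,
                    "order": {"_count": "desc"},
                }
            }
        },
    }


def to_stats_table(response: dict) -> list:
    """Flatten the terms buckets into (value, count) rows, like Splunk's stats table."""
    buckets = response["aggregations"]["by_field"]["buckets"]
    return [(b["key"], b["doc_count"]) for b in buckets]


def truncated_rows(response: dict) -> int:
    """Documents whose value fell outside the top `size` buckets (0 = table is complete)."""
    return response["aggregations"]["by_field"]["sum_other_doc_count"]


# Constructed sample, shaped like the reply to GET /endpointsecurity/_search.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 7, "relation": "eq"}},
    "aggregations": {
        "by_field": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "Prevent DLLs from jumping over rainbows", "doc_count": 4},
                {"key": "Block untrusted process", "doc_count": 3},
            ],
        }
    },
}

if __name__ == "__main__":
    print(json.dumps(stats_count_by("EVENTNAME"), indent=2))
    for value, count in to_stats_table(SAMPLE_RESPONSE):
        print(f"{count:>6}  {value}")
```

Send the generated body with `curl -XGET 'localhost:9200/endpointsecurity/_search' -H 'Content-Type: application/json' -d @body.json`; if `sum_other_doc_count` in the reply is non-zero, raise `size` until the table is complete.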