Hi,
I am exploring using ELK and imported in this json document:
{
"_index": "system-inventory-[version]}-2020.11.07",
"_type": "_doc",
"_id": "O0X1o3UBD7PZ5Lh--gIu",
"_version": 1,
"_score": null,
"_source": {
"host": "10.42.1.1",
"osversion": "Microsoft Windows 10 Enterprise",
"computername": "WIN10CLIENT",
"software": [
{
"DisplayName": "7-Zip 20.02 alpha (x64)",
"DisplayVersion": "20.02 alpha"
},
{
"DisplayName": "Git version 2.27.0",
"DisplayVersion": "2.27.0"
},
{
"DisplayName": "Mozilla Firefox 80.0.1 (x64 en-GB)",
"DisplayVersion": "80.0.1"
},
{
"DisplayName": "Mozilla Maintenance Service",
"DisplayVersion": "80.0.1"
},
{
"DisplayName": "SAPIEN PowerShell Studio 2020",
"DisplayVersion": "5.7.181.0"
},
{
"DisplayName": "SAPIEN Updates",
"DisplayVersion": "1.1.37.0"
},
{
"DisplayName": "SAPIEN ScriptMerge 2020",
"DisplayVersion": "1.4.83.0"
},
{
"DisplayName": "PowerShell 7-x64",
"DisplayVersion": "7.0.3.0"
},
{
"DisplayName": "MiniTool Partition Wizard Free 12",
"DisplayVersion": null
},
{
"DisplayName": "VMware Tools",
"DisplayVersion": "10.2.1.8267844"
},
{
"DisplayName": "SQL Server Management Studio",
"DisplayVersion": "15.0.18338.0"
},
{
"DisplayName": "SQL Server Management Studio for Analysis Services",
"DisplayVersion": "15.0.18338.0"
},
{
"DisplayName": "Microsoft Visual C++ 2019 X64 Additional Runtime - 14.21.27702",
"DisplayVersion": "14.21.27702"
},
{
"DisplayName": "VNC Viewer 5.2.3",
"DisplayVersion": "5.2.3"
},
{
"DisplayName": "Microsoft .NET Core Runtime - 3.1.3 (x64)",
"DisplayVersion": "24.76.28628"
},
{
"DisplayName": "Microsoft .NET Core Host - 3.1.3 (x64)",
"DisplayVersion": "24.76.28628"
},
{
"DisplayName": "ScriptMerge 2020",
"DisplayVersion": "1.4.83.0"
},
{
"DisplayName": "Beats metricbeat 7.9.3 (x86_64)",
"DisplayVersion": "7.9.3"
},
{
"DisplayName": "TightVNC",
"DisplayVersion": "2.8.27.0"
},
{
"DisplayName": "Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161",
"DisplayVersion": "9.0.30729.6161"
},
{
"DisplayName": "Update for Windows 10 for x64-based Systems (KB4023057)",
"DisplayVersion": "2.67.0.0"
},
{
"DisplayName": "SQL Server Management Studio",
"DisplayVersion": "15.0.18338.0"
},
{
"DisplayName": "Duo Authentication for Windows Logon x64",
"DisplayVersion": "4.1.0.283"
},
{
"DisplayName": "Microsoft OLE DB Driver for SQL Server",
"DisplayVersion": "18.3.0.0"
},
{
"DisplayName": "SSMS Post Install Tasks",
"DisplayVersion": "15.0.18338.0"
},
{
"DisplayName": "Microsoft Windows Desktop Runtime - 3.1.3 (x64)",
"DisplayVersion": "24.76.28628"
},
{
"DisplayName": "Beats filebeat 7.9.3 (x86_64)",
"DisplayVersion": "7.9.3"
},
{
"DisplayName": "Microsoft Silverlight",
"DisplayVersion": "5.1.50918.0"
},
{
"DisplayName": "PowerShell Studio 2020",
"DisplayVersion": "5.7.181.0"
},
{
"DisplayName": "SQL Server Management Studio for Reporting Services",
"DisplayVersion": "15.0.18338.0"
},
{
"DisplayName": "Microsoft SQL Server 2012 Native Client ",
"DisplayVersion": "11.4.7462.6"
},
{
"DisplayName": "Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support",
"DisplayVersion": "15.0.27520"
},
{
"DisplayName": "SAPIEN Updates",
"DisplayVersion": "1.1.37.0"
},
{
"DisplayName": "Update for Windows 10 for x64-based Systems (KB4480730)",
"DisplayVersion": "2.55.0.0"
},
{
"DisplayName": "Microsoft Analysis Services OLE DB Provider",
"DisplayVersion": "15.0.2000.20"
},
{
"DisplayName": "Microsoft .NET Core Host FX Resolver - 3.1.3 (x64)",
"DisplayVersion": "24.76.28628"
},
{
"DisplayName": "Microsoft ODBC Driver 17 for SQL Server",
"DisplayVersion": "17.5.1.1"
},
{
"DisplayName": "Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.21.27702",
"DisplayVersion": "14.21.27702"
},
{
"DisplayName": "Adobe Flash Player 32 NPAPI",
"DisplayVersion": "32.0.0.445"
},
{
"DisplayName": "Adobe Flash Player 32 PPAPI",
"DisplayVersion": "32.0.0.445"
},
{
"DisplayName": "Microsoft Edge",
"DisplayVersion": "86.0.622.63"
},
{
"DisplayName": "Microsoft Edge Update",
"DisplayVersion": "1.3.137.99"
},
{
"DisplayName": "Microsoft Help Viewer 2.3",
"DisplayVersion": "2.3.28107"
},
{
"DisplayName": "MiniTool ShadowMaker Free Edition",
"DisplayVersion": "3.2"
},
{
"DisplayName": "No-IP DUC",
"DisplayVersion": "4.1.1"
},
{
"DisplayName": "WinSCP 5.17.7",
"DisplayVersion": "5.17.7"
},
{
"DisplayName": "Microsoft SQL Server Management Studio - 18.6",
"DisplayVersion": "15.0.18338.0"
},
{
"DisplayName": "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005",
"DisplayVersion": "12.0.21005"
},
{
"DisplayName": "Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702",
"DisplayVersion": "14.21.27702"
},
{
"DisplayName": "Python 3.8.4 Utility Scripts (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702",
"DisplayVersion": "14.21.27702"
},
{
"DisplayName": "Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702",
"DisplayVersion": "14.21.27702.2"
},
{
"DisplayName": "Python 3.8.4 Documentation (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Microsoft Analysis Services OLE DB Provider",
"DisplayVersion": "15.0.2000.20"
},
{
"DisplayName": "Python 3.8.4 Executables (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Python Launcher",
"DisplayVersion": "3.8.7133.0"
},
{
"DisplayName": "Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support",
"DisplayVersion": "15.0.27520"
},
{
"DisplayName": "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161",
"DisplayVersion": "9.0.30729.6161"
},
{
"DisplayName": "Python 3.8.4 Tcl/Tk Support (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Python 3.8.4 Standard Library (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Visual Studio 2017 Isolated Shell for SSMS",
"DisplayVersion": "15.0.28307.421"
},
{
"DisplayName": "Python 3.8.4 Core Interpreter (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Python 3.8.4 Add to Path (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "MindMaster(Build 8.0.4.115)",
"DisplayVersion": "8.0.4.115"
},
{
"DisplayName": "Python 3.8.4 pip Bootstrap (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Microsoft Help Viewer 2.3",
"DisplayVersion": "2.3.28107"
},
{
"DisplayName": "Python 3.8.4 Test Suite (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Integration Services",
"DisplayVersion": "15.0.2000.118"
},
{
"DisplayName": "Python 3.8.4 Development Libraries (32-bit)",
"DisplayVersion": "3.8.4150.0"
},
{
"DisplayName": "Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702",
"DisplayVersion": "14.21.27702.2"
},
{
"DisplayName": "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501",
"DisplayVersion": "12.0.30501.0"
},
{
"DisplayName": "Microsoft Windows Desktop Runtime - 3.1.3 (x64)",
"DisplayVersion": "3.1.3.28628"
},
{
"DisplayName": "Microsoft Visual Studio Tools for Applications 2017",
"DisplayVersion": "15.0.27520"
},
{
"DisplayName": "Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005",
"DisplayVersion": "12.0.21005"
}
],
"@version": "1",
"headers": {
"http_host": "192.168.1.105:6000",
"request_path": "/",
"connection": "Keep-Alive",
"request_method": "PUT",
"http_user_agent": "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-NZ) WindowsPowerShell/5.1.18362.752",
"content_type": "application/json",
"http_accept": null,
"http_version": "HTTP/1.1",
"content_length": "14175"
},
"@timestamp": "2020-11-07T18:26:47.570Z",
"Patchesneeded": 0
},
"fields": {
"@timestamp": [
"2020-11-07T18:26:47.570Z"
]
},
"sort": [
1604773607570
]
}
This json document is imported into the ELK through logstash.
In kibana what I would like is to list the software and match it to a computer.
However when I try to match the contents of software to a computer in Kibana, there is no obvious way of doing this. I ama brand new use of ELK, so I am still learning.
I read that Kibana doesnt really do nested objects and I understand that. I was wondering if there was any other way that we can pull out that nested object so that I can achieve what i want?
I will be gratefyul for any guidance. Many thanks.
Wei-Yen Tan