Happy in using Elastic Stack 5 with Ingest mode (Filebeat) now 
I have a visualization (Data Table) to show all the source IP count to visit my web server.
clientip: Ascending Count
1.10.100.151 1000
1.10.100.152 1000
1.10.101.153 500
1.10.101.153 200
1.10.200.160 30
1.164.10.238 10
How can I group them by /24 subnet to become the list like below?
clientip: Ascending Count
1.10.100.0/24 2000
1.10.101.0/24 1000
1.10.200.0/24 30
1.164.10.0/24 10
Elasticsearch allows you to create aggregation buckets, including using a CIDR mask but it doesn't appear you can do it automatically. You might be able to create a custom tokenizer to accomplish this.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.