I have Kibana set up for some internal REST services. Via the APM I capture the IP address (context.request.socket.remote_address) and also the URL that the transaction took place on (context.request.url.pathname).
What I'm trying and failing to do is get a visualisation of the number of times a specific IP address has made a request to a specific URL. It seems like any time I try to run a visualisation with context.request.socket.remote_address, I fail to get any data back from the visualization.
Can you give an example of the data you have in ES (it's fine to obfuscate IPs and addresses, I just need the format of a document in ES) and what the visualization parameters are?
Right now with this information I would create a Data table with a Count metric, Split rows on terms for the IP field and then another split on the URL accessed.
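The count that such a Data table shows can also be requested from Elasticsearch directly as a nested terms aggregation, which separates a visualization problem from a data or mapping problem. This is an added example, not part of the original posts; it assumes both fields are aggregatable, and the bucket names `by_ip` and `by_path`, the bucket size and the sample response are constructed for illustration.

```python
"""Per-IP, per-URL request counts via a nested terms aggregation."""

IP_FIELD = "context.request.socket.remote_address"  # field names from the thread
PATH_FIELD = "context.request.url.pathname"


def build_ip_url_agg(size=20):
    """Search body equivalent to: Count metric, split rows by IP, then by URL."""
    return {
        "size": 0,  # return buckets only, no documents
        # Assumption: processor.event is a keyword field, as in the sample doc.
        "query": {"term": {"processor.event": "transaction"}},
        "aggs": {
            "by_ip": {  # hypothetical bucket name
                "terms": {"field": IP_FIELD, "size": size},
                "aggs": {
                    "by_path": {"terms": {"field": PATH_FIELD, "size": size}}
                },
            }
        },
    }


def flatten_buckets(response):
    """Turn the nested buckets into (ip, path, count) rows, busiest first.

    An empty list means Elasticsearch returned no buckets for these fields.
    """
    ip_buckets = response.get("aggregations", {}).get("by_ip", {}).get("buckets", [])
    rows = [
        (ip_b["key"], path_b["key"], path_b["doc_count"])
        for ip_b in ip_buckets
        for path_b in ip_b.get("by_path", {}).get("buckets", [])
    ]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed response in the shape Elasticsearch returns for the body above.
SAMPLE_RESPONSE = {"aggregations": {"by_ip": {"buckets": [
    {"key": "192.0.2.10", "doc_count": 50, "by_path": {"buckets": [
        {"key": "/api/login", "doc_count": 42},
        {"key": "/api/orders", "doc_count": 8}]}},
    {"key": "198.51.100.7", "doc_count": 5, "by_path": {"buckets": [
        {"key": "/api/orders", "doc_count": 5}]}},
]}}}
```

Send the body from `build_ip_url_agg()` to the `_search` endpoint of the APM transaction indices and pass the JSON response to `flatten_buckets`.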
This is an example of an entry in the Discover tab, if that's any help. I've removed some entries but the structure is the same.
@timestamp November 19th 2019, 10:15:16.520
t _id _woog24BbKn-19USzDay
t _index apm-6.7.1-transaction-000002
# _score 1
t _type doc
t beat.hostname 07f4e8419b21
t beat.name instance-0000000011
t beat.version 6.7.1
# context.process.pid 22,450
t context.process.title [REDACTED]
t context.request.body [REDACTED]
? context.request.headers.authorization [REDACTED]
t context.request.headers.host [REDACTED]
t context.request.http_version 1.1
t context.request.method GET
context.request.socket.encrypted true
t context.request.socket.remote_address [REDACTED]
t context.request.url.full [REDACTED]
t context.request.url.hostname [REDACTED]
t context.request.url.pathname [REDACTED]
t context.request.url.port 8443
t context.request.url.protocol https
context.response.finished true
t context.response.headers.Cache-Control no-cache, no-store, max-age=0, must-revalidate
t context.response.headers.Connection close
t context.response.headers.Content-Type application/xml;charset=UTF-8
t context.response.headers.Date Tue, 19 Nov 2019 10:15:16 GMT
t context.response.headers.Expires 0
t context.response.headers.Pragma no-cache
t context.response.headers.Set-Cookie [REDACTED]
t context.response.headers.Strict-Transport-Security max-age=31536000 ; includeSubDomains
t context.response.headers.Transfer-Encoding chunked
t context.response.headers.Vary Accept-Encoding
t context.response.headers.X-Content-Type-Options nosniff
t context.response.headers.X-Frame-Options DENY
t context.response.headers.X-XSS-Protection 1; mode=block
context.response.headers_sent true
# context.response.status_code 400
t context.service.agent.name java
t context.service.agent.version 1.6.1
t context.service.environment [REDACTED]
t context.service.language.name Java
t context.service.language.version 1.8.0_212
t context.service.name [REDACTED]
t context.service.runtime.name Java
t context.service.runtime.version 1.8.0_212
t context.service.version 3.38
t context.system.architecture amd64
t context.system.hostname [REDACTED]
context.system.ip [REDACTED]
t context.system.platform Linux
t context.user.username [REDACTED]
t error id icon -
t host.name instance-0000000011
t processor.event transaction
t processor.name transaction
# timestamp.us 1,574,158,516,520,000
t trace.id 449921f04a896083fc1cb51cd9707d5f
# transaction.duration.us 116,806
t transaction.id View Spans
t transaction.name [REDACTED]
t transaction.result HTTP 4xx
transaction.sampled true
# transaction.span_count.dropped.total 0
# transaction.span_count.started 33
t transaction.type request
t view errors View Errors