Visualize number of times an IP hits a URL


I have kibana setup for some internal REST services. Via the APM I capture the IP address (context.request.socket.remote_address) and also the url that the transaction took place on (context.request.url.pathname).

What I'm trying and failing to do is get a visualisation of the number of times a specific IP address has made to a specific URL. It seems like anytime I try and run a visualisation with the context.request.socket.remote_address I fail to get any data back from the visualization.

Any help or advice is appreciated.

Can you give an example of the data you have in ES(it's fine to obfuscate IPs and addreses, i just need the format of a document in ES) and what the visualization parameters are?

Right now with this information I would create a Data table with a Count metric, Split rows on terms for the IP field and then another split on the URL accessed.

This is an example of a entry in the discover tab, if that's any help. I've removed some entries but the structure is the same.

 @timestamp	November 19th 2019, 10:15:16.520
t _id	_woog24BbKn-19USzDay
t _index	apm-6.7.1-transaction-000002
# _score	1
t _type	doc
t beat.hostname	07f4e8419b21
t	instance-0000000011
t beat.version	6.7.1
#	22,450
t context.process.title	[REDACTED]
t context.request.body	[REDACTED]
? context.request.headers.authorization	 [REDACTED]
t context.request.http_version	1.1
t context.request.method	GET
 context.request.socket.encrypted	true
t context.request.socket.remote_address	[REDACTED]
t context.request.url.full	[REDACTED]
t context.request.url.hostname	[REDACTED]
t context.request.url.pathname	[REDACTED]
t context.request.url.port	8443
t context.request.url.protocol	https
 context.response.finished	true
t context.response.headers.Cache-Control	no-cache, no-store, max-age=0, must-revalidate
t context.response.headers.Connection	close
t context.response.headers.Content-Type	application/xml;charset=UTF-8
t context.response.headers.Date	Tue, 19 Nov 2019 10:15:16 GMT
t context.response.headers.Expires	0
t context.response.headers.Pragma	no-cache
t context.response.headers.Set-Cookie	[REDACTED]
t context.response.headers.Strict-Transport-Security	max-age=31536000 ; 
t context.response.headers.Transfer-Encoding	chunked
t context.response.headers.Vary	Accept-Encoding
t context.response.headers.X-Content-Type-Options	nosniff
t context.response.headers.X-Frame-Options	DENY
t context.response.headers.X-XSS-Protection	1; mode=block
 context.response.headers_sent	true
# context.response.status_code	400
t	java
t context.service.agent.version	1.6.1
t context.service.environment	[REDACTED]
t	Java
t context.service.language.version	1.8.0_212
t	Java
t context.service.runtime.version	1.8.0_212
t context.service.version	3.38
t context.system.architecture	amd64
t context.system.hostname	[REDACTED]
 context.system.ip	[REDACTED]
t context.system.platform	Linux
t context.user.username	[REDACTED]
t error id icon	 - 
t	instance-0000000011
t processor.event	transaction
t	transaction
#	1,574,158,516,520,000
t	449921f04a896083fc1cb51cd9707d5f
#	116,806
t	View Spans
t transaction.result	HTTP 4xx
 transaction.sampled	true
#	0
# transaction.span_count.started	33
t transaction.type	request
t view errors	View Errors

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.