Hi,
I have kibana setup for some internal REST services. Via the APM I capture the IP address (context.request.socket.remote_address) and also the url that the transaction took place on (context.request.url.pathname).
What I'm trying and failing to do is get a visualisation of the number of times a specific IP address has made to a specific URL. It seems like anytime I try and run a visualisation with the context.request.socket.remote_address I fail to get any data back from the visualization.
Any help or advice is appreciated.
Can you give an example of the data you have in ES(it's fine to obfuscate IPs and addreses, i just need the format of a document in ES) and what the visualization parameters are?
Right now with this information I would create a Data table with a Count metric, Split rows on terms for the IP field and then another split on the URL accessed.
This is an example of a entry in the discover tab, if that's any help. I've removed some entries but the structure is the same.
@timestamp November 19th 2019, 10:15:16.520
t _id _woog24BbKn-19USzDay
t _index apm-6.7.1-transaction-000002
# _score 1
t _type doc
t beat.hostname 07f4e8419b21
t beat.name instance-0000000011
t beat.version 6.7.1
# context.process.pid 22,450
t context.process.title [REDACTED]
t context.request.body [REDACTED]
? context.request.headers.authorization [REDACTED]
t context.request.headers.host [REDACTED]
t context.request.http_version 1.1
t context.request.method GET
context.request.socket.encrypted true
t context.request.socket.remote_address [REDACTED]
t context.request.url.full [REDACTED]
t context.request.url.hostname [REDACTED]
t context.request.url.pathname [REDACTED]
t context.request.url.port 8443
t context.request.url.protocol https
context.response.finished true
t context.response.headers.Cache-Control no-cache, no-store, max-age=0, must-revalidate
t context.response.headers.Connection close
t context.response.headers.Content-Type application/xml;charset=UTF-8
t context.response.headers.Date Tue, 19 Nov 2019 10:15:16 GMT
t context.response.headers.Expires 0
t context.response.headers.Pragma no-cache
t context.response.headers.Set-Cookie [REDACTED]
t context.response.headers.Strict-Transport-Security max-age=31536000 ;
includeSubDomains
t context.response.headers.Transfer-Encoding chunked
t context.response.headers.Vary Accept-Encoding
t context.response.headers.X-Content-Type-Options nosniff
t context.response.headers.X-Frame-Options DENY
t context.response.headers.X-XSS-Protection 1; mode=block
context.response.headers_sent true
# context.response.status_code 400
t context.service.agent.name java
t context.service.agent.version 1.6.1
t context.service.environment [REDACTED]
t context.service.language.name Java
t context.service.language.version 1.8.0_212
t context.service.name [REDACTED]
t context.service.runtime.name Java
t context.service.runtime.version 1.8.0_212
t context.service.version 3.38
t context.system.architecture amd64
t context.system.hostname [REDACTED]
context.system.ip [REDACTED]
t context.system.platform Linux
t context.user.username [REDACTED]
t error id icon -
t host.name instance-0000000011
t processor.event transaction
t processor.name transaction
# timestamp.us 1,574,158,516,520,000
t trace.id 449921f04a896083fc1cb51cd9707d5f
# transaction.duration.us 116,806
t transaction.id View Spans
t transaction.name [REDACTED]
t transaction.result HTTP 4xx
transaction.sampled true
# transaction.span_count.dropped.total 0
# transaction.span_count.started 33
t transaction.type request
t view errors View Errors