I'm new to Kibana/Elasticsearch and I'm trying to visualize traffic data between servers. However, my logstash indices only contain the fields "fwdbytes" (bytes sent out) and "bwdbytes" (bytes received). I am trying to visualize the amount of traffic per IP address.
This is my visualization for fwdbytes.
Here is my visualization for bwdbytes.
Now I want to combine the 2 separate visualizations into a single visualization by displaying the sum of fwdbytes+bwdbytes of each IP.
I've tried modifying the visualization in the Saved Objects panel of the Management tab, but I can't get Kibana to recognize the scripting inside visState. I've also tried directly modifying my logstash indices using DevTools:
The first API scripts a new field "totbytes", which is the sum of "fwdbytes" and "bwdbytes". However, I don't think "totbytes" is stored in the logstash indices, as even after I run the script and then try to create a visualization, Kibana does not recognize the "totbytes" field. The second API tries to create a new field inside "_source" for each document using update by query; however, I don't think I scripted it properly, as it does not compile. Any help is much appreciated.
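An added example (not code from the original question) of the update-by-query approach described above, written in Python with only the standard library: it assumes a local Elasticsearch at http://localhost:9200 and the index pattern logstash-*, and the sample documents are constructed.

```python
# Store totbytes = fwdbytes + bwdbytes on every logstash document via
# _update_by_query. Added example, not code from the original question;
# ES_URL and INDEX_PATTERN are constructed assumptions.
import json
import urllib.request

ES_URL = "http://localhost:9200"   # assumption: local single-node cluster
INDEX_PATTERN = "logstash-*"       # assumption: the poster's logstash indices

# Painless script run once per matching document. The Elvis operator (?:)
# turns a missing or null field into 0, so a document carrying only one of
# the counters still gets a total. Assumes both fields are mapped as numbers;
# if logstash mapped them as strings, fix the mapping first or '+' concatenates.
PAINLESS_TOTBYTES = (
    "ctx._source.totbytes = "
    "(ctx._source.fwdbytes ?: 0) + (ctx._source.bwdbytes ?: 0);"
)

def update_by_query_body():
    """Request body for POST <index>/_update_by_query."""
    return {
        "script": {"lang": "painless", "source": PAINLESS_TOTBYTES},
        # Skip documents that already carry totbytes, so re-runs are idempotent.
        "query": {"bool": {"must_not": {"exists": {"field": "totbytes"}}}},
    }

def apply_locally(docs):
    """Emulate the script plus query filter on plain dicts (offline check)."""
    out = []
    for doc in docs:
        doc = dict(doc)
        if "totbytes" not in doc:  # mirrors the must_not/exists filter
            doc["totbytes"] = (doc.get("fwdbytes") or 0) + (doc.get("bwdbytes") or 0)
        out.append(doc)
    return out

def run_update_by_query(es_url=ES_URL, index=INDEX_PATTERN):
    """POST the request; conflicts=proceed skips docs modified meanwhile."""
    url = f"{es_url}/{index}/_update_by_query?conflicts=proceed&refresh=true"
    req = urllib.request.Request(
        url, data=json.dumps(update_by_query_body()).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)  # reports "updated", "version_conflicts", ...

# Constructed sample documents, shaped like the _source of a logstash event.
SAMPLE_DOCS = [
    {"src_ip": "10.0.0.1", "fwdbytes": 1200, "bwdbytes": 300},
    {"src_ip": "10.0.0.2", "fwdbytes": 50},                       # bwdbytes missing
    {"src_ip": "10.0.0.3", "fwdbytes": 1, "bwdbytes": 1, "totbytes": 2},
]
```

After run_update_by_query() completes, refresh the field list of the logstash-* index pattern in Kibana so that totbytes is offered when building a visualization. A script_fields entry in a search request is computed per query and never written to _source, which is why a field produced that way does not show up as an index field.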