Kibana Search Filters
This is an example of looking for logs that contain the string "password":
This is an example of looking for logs that contain the name jhenderson stored in a field called user:
Note: Sometimes a string needs to be surrounded with double quotes.
Example:
This is an example of looking for logs that contain a source port greater than 40000:
This is an example of looking for logs that contain a destination IP between 10.0.0.0 and 10.255.255.255:
This is an example of looking for logs that have a field named tls:
This is an example of looking for logs that do not have a field named tls:
This is an example of looking for logs that do not have a tag of pci:
This is an example of looking for logs that fall within a specific date range:
Combining search filters
Search filters can be combined using parentheses (), AND, and OR.
This is an example of looking for a network connection from 192.168.0.1 going to 8.8.8.8:
This is an example of looking for a network connection coming from 192.168.0.1 or 192.168.0.2:
This is an example of looking for a network connection coming from 192.168.0.1 or 192.168.0.2 that is destined for 8.8.8.8:
This is an example of looking for network connections coming from 192.168.0.1 that are not going to 8.8.8.8:
Note: Using AND is not required when using an exclusion filter.
Here is the same example as above that still works:
This is an example of looking for network connections that are not going to a private IP address:
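The block below is an added example, not part of the original page, showing how the combination rules above play out in Kibana's Lucene query syntax. The field names source_ip, destination_ip, user and message are assumptions; substitute whatever your index mapping actually uses.

```text
Either source, but only when the destination is 8.8.8.8 (parentheses force the grouping):
  (source_ip:192.168.0.1 OR source_ip:192.168.0.2) AND destination_ip:8.8.8.8

Without parentheses the Lucene parser does not apply the precedence you may expect
from other languages, so this does not mean the same thing; always group OR clauses:
  source_ip:192.168.0.1 OR source_ip:192.168.0.2 AND destination_ip:8.8.8.8

Exclusion, with and without AND (both forms are equivalent):
  source_ip:192.168.0.1 AND NOT destination_ip:8.8.8.8
  source_ip:192.168.0.1 NOT destination_ip:8.8.8.8

Connections not going to any RFC 1918 private range. The NOT is applied to the whole
group, and _exists_ keeps the query from matching logs that have no destination_ip at all
(a bare negation matches every document that lacks the field):
  _exists_:destination_ip AND NOT (destination_ip:[10.0.0.0 TO 10.255.255.255] OR destination_ip:[172.16.0.0 TO 172.31.255.255] OR destination_ip:[192.168.0.0 TO 192.168.255.255])

Quoting: a value containing spaces or reserved characters must be surrounded with
double quotes, otherwise the parser splits it into separate terms or reads the
characters as operators:
  user:"svc account"
  message:"password reset"
```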