Searching and Filtering Data in Kibana 7.6

1 hour
  • 3 Learning Objectives

About this Hands-on Lab

There is a lot of value in visualizing data in Kibana but that value quickly reaches a limit unless you can also drill down to access the less obvious characteristics of your data. There are a number of ways to filter your data in Kibana from using the time picker with time-series data, crafting Kibana Query Language (KQL) queries, or just using the filtering mechanisms built in to the user interface. In this hands-on lab, we will explore the various ways to filter data in Kibana so that you can quickly discover the insights buried in your data.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the `logs_1` Saved Search
  1. Navigate to the Discover tab.
  2. Add the necessary filter(s) and/or Kibana Query Language (KQL) to meet the search criteria for the logs_1 query.
  3. Save the search as logs_1.
Create the `logs_2` Saved Search
  1. Navigate to the Discover tab.
  2. Add the necessary filter(s) and/or Kibana Query Language (KQL) to meet the search criteria for the logs_2 query.
  3. Save the search as logs_2.
Create the `logs_3` Saved Search
  1. Navigate to the Discover tab.
  2. Add the necessary filter(s) and/or Kibana Query Language (KQL) to meet the search criteria for the logs_3 query.
  3. Save the search as logs_3.

Additional Resources

You are the administrator of an Elastic Stack used to collect and analyze web traffic to your company's website. The IT security team has requested several queries with specific search criteria that they would like you to create and save so they can run them periodically. The saved searches and their search criteria are as follows:

logs_1

  • Searches documents within the last 7 days.
  • Web requests sent from the client IP address 143.33.75.200.

logs_2

  • Searches documents within the last 7 days.
  • Web requests from either China (CN) or India (IN) to the United States (US).
  • Has security or warning tags.

logs_3

  • Searches documents within the last 7 days.
  • Response code of 200.
  • Has success and info tags.
  • Has file extension css or deb.
  • Is not from any machine with a Windows operating system.
  • The number of bytes should be between 1 kilobyte (1024 bytes) and 2 kilobytes (2048 bytes) inclusive.
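As an added example that is not part of the lab, the following Python script shows one way the three saved searches above can be written in KQL (pasted into the Discover query bar, with the time picker set to "Last 7 days") and checks the same criteria locally against constructed sample documents. The field names (`clientip`, `geo.src`, `geo.dest`, `tags`, `response`, `extension`, `machine.os`, `bytes`, `timestamp`) are an assumption based on the Kibana sample web logs layout; the lab does not name them. The predicates reproduce the KQL semantics that are easy to get wrong: `and` binds tighter than `or`, so the two source countries must be grouped with parentheses, the `success`/`info` tags are both required while `security`/`warning` is either, and the byte range is inclusive.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

# Assumed field names (Kibana sample web logs layout); the lab text does not name them.
KQL_QUERIES = {
    "logs_1": 'clientip:"143.33.75.200"',
    # Parentheses matter: KQL's "and" binds tighter than "or", so
    # geo.src:CN or geo.src:IN and geo.dest:US would return all CN traffic.
    "logs_2": "geo.src:(CN or IN) and geo.dest:US and tags:(security or warning)",
    "logs_3": (
        "response:200 and tags:success and tags:info "
        "and extension:(css or deb) and not machine.os:win* "
        "and bytes >= 1024 and bytes <= 2048"
    ),
}

def within_last_days(doc, days, now=None):
    """Mirror the time picker: keep docs whose timestamp falls within the last N days."""
    now = now or datetime.now(timezone.utc)
    ts = datetime.fromisoformat(doc["timestamp"].replace("Z", "+00:00"))
    return now - timedelta(days=days) <= ts <= now

def matches_logs_1(doc, now=None):
    return within_last_days(doc, 7, now) and doc.get("clientip") == "143.33.75.200"

def matches_logs_2(doc, now=None):
    tags = set(doc.get("tags", []))
    return (
        within_last_days(doc, 7, now)
        and doc.get("geo.src") in {"CN", "IN"}
        and doc.get("geo.dest") == "US"
        and bool(tags & {"security", "warning"})   # either tag suffices
    )

def matches_logs_3(doc, now=None):
    tags = set(doc.get("tags", []))
    return (
        within_last_days(doc, 7, now)
        and doc.get("response") == 200
        and {"success", "info"} <= tags            # both tags required
        and doc.get("extension") in {"css", "deb"}
        and not fnmatchcase(doc.get("machine.os", "").lower(), "win*")
        and 1024 <= doc.get("bytes", -1) <= 2048   # inclusive bounds
    )

SEARCHES = {"logs_1": matches_logs_1, "logs_2": matches_logs_2, "logs_3": matches_logs_3}

def run_saved_search(name, docs, now=None):
    """Return the ids of the documents the named saved search would retrieve."""
    return [d["id"] for d in docs if SEARCHES[name](d, now)]

# Constructed sample documents (not real traffic); timestamps are relative to NOW.
NOW = datetime(2020, 3, 15, 12, 0, tzinfo=timezone.utc)
def _ts(days_ago):
    return (NOW - timedelta(days=days_ago)).isoformat().replace("+00:00", "Z")

SAMPLE_DOCS = [
    {"id": 1, "timestamp": _ts(1), "clientip": "143.33.75.200", "geo.src": "CN", "geo.dest": "US",
     "tags": ["security"], "response": 200, "extension": "css", "machine.os": "osx", "bytes": 1500},
    # Matches logs_1/logs_2 on content but is 10 days old, so the time picker excludes it.
    {"id": 2, "timestamp": _ts(10), "clientip": "143.33.75.200", "geo.src": "IN", "geo.dest": "US",
     "tags": ["warning"], "response": 200, "extension": "deb", "machine.os": "ios", "bytes": 2048},
    # CN source but destination is not US: an ungrouped query would wrongly include it in logs_2.
    {"id": 3, "timestamp": _ts(2), "clientip": "10.0.0.5", "geo.src": "CN", "geo.dest": "DE",
     "tags": ["security", "info"], "response": 200, "extension": "css", "machine.os": "win 7", "bytes": 1024},
    {"id": 4, "timestamp": _ts(3), "clientip": "10.0.0.6", "geo.src": "US", "geo.dest": "US",
     "tags": ["success", "info"], "response": 200, "extension": "deb", "machine.os": "win xp", "bytes": 1024},
    {"id": 5, "timestamp": _ts(4), "clientip": "10.0.0.7", "geo.src": "US", "geo.dest": "US",
     "tags": ["success", "info"], "response": 200, "extension": "css", "machine.os": "osx", "bytes": 2049},
    {"id": 6, "timestamp": _ts(5), "clientip": "10.0.0.8", "geo.src": "IN", "geo.dest": "US",
     "tags": ["success", "info", "warning"], "response": 200, "extension": "deb", "machine.os": "ios", "bytes": 2048},
]

if __name__ == "__main__":
    for name in SEARCHES:
        print(name, "|", KQL_QUERIES[name], "->", run_saved_search(name, SAMPLE_DOCS, NOW))
```

Running the script prints the KQL string for each saved search next to the ids of the constructed documents it selects; document 3 is the one that an ungrouped `geo.src:CN or geo.src:IN and geo.dest:US` would have returned by mistake, and document 5 shows the upper byte bound being exclusive of 2049.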

Your es1 node has a Kibana instance which can be accessed in your local web browser by navigating to the public IP address of the es1 node over port 8080 (example: http://public_ip:8080). To log in, use the elastic user with the password elastic_acg.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
