Display Distinct IP and their Count

Hi all,

Requirement

Get the Top hitting IPs and their count and visualize in Grafana

We are trying to populate the distinct IP (dynamic values) and their count in Grafana (version 7.5.11).

We were able to populate the logs from ES into Grafana; however, we were unable to achieve the requirement (mentioned earlier).


Data Source: Elasticsearch (version 7.8.0)

Could someone please advise if this is feasible, and the steps to achieve it, if any?

Hi…

Maybe you could try Grouping instead of calculate.
With grouping only, it will group the same IP address and count it in the value in the right pane…

Regards,
Fadjar Tandabawana

Hi @fadjar340

Thanks for the update.

As per what we tried (as in the screenshot attached),
We were trying to group based on “ap_client_ip” and then calculate based on their distinct count.

Group By ap_client_ip AND Calculate based on Distinct Count.

Could you advise on how to achieve this otherwise? A screenshot would help :slight_smile:

Hi @fadjar340

FYI

Getting the following ERROR when I try to get the unique count of each IP, keeping a threshold of 300 and grouping them based on each IP.

Result when tried with “ap_client_ip.keyword”

Could you please advise?

You can run this script from Kibana Dev Tool:

PUT your_index/_mapping
{
   "type": {
      "properties": {
        "ap_client_ip": {
          "type": "text",
          "fielddata": true
        }
      }
   }
}

Hi @fadjar340,

Thanks for the update.

Just executed as you have mentioned, but it resulted in an ERROR.

We already have a Kibana visualisation which plots the top IPs and their count.

Could you advise on why what we are actually trying to achieve in Kibana when our requirement is to plot in Grafana?

Issue solved!

Added the params as in the screenshot, with the timeframe set to a larger duration, say yesterday.
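
Added example, not part of the thread: a per-IP hit count like the one asked for here corresponds to an Elasticsearch terms aggregation on the IP field, with each bucket's `doc_count` as the value (in Grafana's query editor, a Count metric grouped by Terms). The Python below builds that request body and applies the same settings to constructed sample documents; the `@timestamp` field, the `now-1d/d` range and the sample IPs are assumptions, and the parameters actually used in the thread are only in its screenshot.

```python
from collections import Counter

# Constructed sample documents; only the field name ap_client_ip comes from the thread.
SAMPLE_DOCS = (
    [{"ap_client_ip": "203.0.113.7"}] * 5
    + [{"ap_client_ip": "198.51.100.23"}] * 3
    + [{"ap_client_ip": "192.0.2.10"}]
)

def top_ip_query(field="ap_client_ip.keyword", size=10, min_doc_count=1,
                 time_field="@timestamp", time_from="now-1d/d"):
    """Request body for a terms aggregation: one bucket per IP, doc_count = hits."""
    return {
        "size": 0,  # aggregation results only, no raw hits
        "query": {"range": {time_field: {"gte": time_from}}},  # assumed time field
        "aggs": {"top_ips": {"terms": {
            "field": field,
            "size": size,                    # how many IPs to return
            "min_doc_count": min_doc_count,  # hit threshold per IP
            "order": {"_count": "desc"},     # busiest IPs first
        }}},
    }

def simulate_terms(docs, body, source_field="ap_client_ip"):
    """Offline stand-in for Elasticsearch: apply the terms settings to docs."""
    terms = body["aggs"]["top_ips"]["terms"]
    counts = Counter(d[source_field] for d in docs if source_field in d)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    buckets = [{"key": ip, "doc_count": n} for ip, n in ranked
               if n >= terms["min_doc_count"]]
    return {"aggregations": {"top_ips": {"buckets": buckets[:terms["size"]]}}}

def top_ips(response):
    """Flatten the aggregation response into (ip, hit_count) rows."""
    buckets = response["aggregations"]["top_ips"]["buckets"]
    return [(b["key"], b["doc_count"]) for b in buckets]

def distinct_ip_count(docs, source_field="ap_client_ip"):
    """What a unique-count (cardinality) metric reports: one number, not per-IP hits."""
    return len({d[source_field] for d in docs if source_field in d})

if __name__ == "__main__":
    body = top_ip_query(size=2, min_doc_count=2)
    print(top_ips(simulate_terms(SAMPLE_DOCS, body)))
    print(distinct_ip_count(SAMPLE_DOCS))
```

The same `top_ips` function parses a real `_search` response for this request body, since the bucket layout is identical.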