Yes, I'm using Kibana as well. Out of Kibana I can manually extract this data, but the problem is that an SQL-like "group by domain, ip" is not really doable on a large index. As far as I know, anything with grouping involved is done internally with facets, which doesn't respect any kind of time filter.

On Sunday, 6 July 2014 11:28:22 UTC+2, Mark Walkom wrote:
> Are you using kibana? You should be able to extract this pretty simply if
> you are, if not, check it out.
>
> Regards,
> Mark Walkom
>
> Infrastructure Engineer
> Campaign Monitor
> email: [email protected]
> web: www.campaignmonitor.com
>
> On 6 July 2014 19:12, Stefan Hasenstab <[email protected]> wrote:
>
>> Problem:
>>
>> I have aggregated accesslog data from different webservers in a large
>> logstash index. My goal is to get the page *visits* out of the accesslog
>> hits.
>>
>> A *visit* is defined as follows: A visit results out of one or more
>> hits from a single ip address in a specific time frame. Due to different
>> products on the webservers each domain should be considered separately.
>>
>> My questions are:
>>
>> - Can this problem already be solved with built-in elasticsearch
>>   features? If *yes*, how?
>> - If *no*:
>>   - What kind of plugin would you suggest?
>>
>> My own considerations lead from building a custom filter to retrieve just
>> the data I need, to build a plugin which analyses the accesslog index and
>> put the visit-data into a new index.
>>
>> Maybe someone can help me? I appreciate every answer. Thank you for your
>> time!
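
The visit definition from the quoted question, worked through outside Elasticsearch as an added example (not code from this thread or from the Elasticsearch project). The 30-minute inactivity window, the three-field line format, and the sample hits are assumptions made for the illustration; the thread only says "a specific time frame".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample hits: "<domain> <client ip> <ISO timestamp>" (not from the thread).
SAMPLE_HITS = """\
shop.example 203.0.113.7 2014-07-06T09:00:00
shop.example 203.0.113.7 2014-07-06T09:10:00
blog.example 203.0.113.7 2014-07-06T09:12:00
shop.example 203.0.113.7 2014-07-06T10:05:00
shop.example 198.51.100.4 2014-07-06T09:05:00
blog.example 203.0.113.7 2014-07-06T09:20:00
"""

def parse_hits(text):
    """Yield (domain, ip, datetime) per line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield parts[0], parts[1], datetime.fromisoformat(parts[2])
        except ValueError:
            continue

def count_visits(hits, window=timedelta(minutes=30)):
    """Return {domain: visits}. A visit is a run of hits from one ip on one
    domain with no gap between consecutive hits larger than `window`
    (the window length is an assumed value)."""
    by_key = defaultdict(list)
    for domain, ip, ts in hits:
        by_key[(domain, ip)].append(ts)   # the "group by domain, ip" step
    visits = defaultdict(int)
    for (domain, _ip), stamps in by_key.items():
        stamps.sort()                     # hits from several servers arrive unordered
        last = None
        for ts in stamps:
            if last is None or ts - last > window:
                visits[domain] += 1       # gap too large: a new visit starts
            last = ts
    return dict(visits)

if __name__ == "__main__":
    print(count_visits(parse_hits(SAMPLE_HITS)))
```

The same IP address counts separately on each domain, which is what "each domain should be considered separately" asks for.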
