Followers

ELK Assignment

17 0 Wednesday, February 16, 2022 2022-02-16T20:21:00-08:00 Edit this post

  It is on the basis of Apache Log data  ( https://logz.io/sample-data). Run below queries on different time interval (today, last 15 mins.....

 It is on the basis of Apache Log data  ( https://logz.io/sample-data).

Run below queries on different time interval (today, last 15 mins...) and check the  count of Hits and also check the visualization in form of bar chart.


1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)

2. Find all the records for users other than US users  (geoip.country_code2 and geoip.country_code3)

3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN

4. Find all the records for verb GET.

5. Find all the records with the request is /category/software  and response is 200 for today.

6. Find all the records where message contains Mozilla

7. Find all the records where verb is not GET

8. Find all the records where verb is either GET or POST

9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.

10 Find recrods with geoip.country_code is US and time zone is America/New_York


COMMENTS

BLOGGER: 17
  1. AsyrafFebruary 16, 2022 at 8:39 PM

    Asyraf

    1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)

    geoip.country_code2:"US" and geoip.country_code3:"US"

    2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)

    not geoip.country_code2:"US" and not geoip.country_code3:"US"

    3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN

    geoip.country_code3: US or geoip.country_code3: IN

    4. Find all the records for verb GET.

    verb: "GET"

    5. Find all the records with the request is /category/software and response is 200 for today.

    request: "/category/software" and response:"200"

    6. Find all the records where message contains Mozilla

    message: "Mozilla"

    7. Find all the records where verb is not GET

    NOT verb:"GET"

    8. Find all the records where verb is either GET or POST

    verb:"GET" or verb:"POST"

    9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.

    clientip: "184.153.198.34" and geoip.city_name: "Watertown"

    10 Find recrods with geoip.country_code is US and time zone is America/New_York

    geoip.country_code2: "US" and geoip.country_code3: "US" and geoip.timezone: "America/New_York"

    ReplyDelete
  2. UnknownFebruary 16, 2022 at 8:51 PM

    Mikraj

    1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)

    geoip.country_code2:US and geoip.country_code3:US >> TODAY: 6272 hits >> last 15min: 104 hits


    2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)

    not geoip.country_code2:US and not geoip.country_code3:US >> TODAY: 5247 hits >> last 15min: 76 hits


    3. Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN

    geoip.country_code3: US or geoip.country_code3: IN >> TODAY:6,328 hits >> 15min:101 hits


    4. Find all the records for verb GET.

    verb: GET >> TODAY: 10,749 hits >> 15min: 164 hits


    5. Find all the records with the request is /category/software and response is 200 for today.

    request: "/category/software" and response: 200 >> TODAY: 1,064 hits


    6. Find all the records where message contains Mozilla

    message: "Mozilla" >> TODAY: 11,519 hits >> 15min: 180 hits


    7. Find all the records where verb is not GET

    not verb:"GET" >>TODAY: 770 hits >> 15min: 18 hits


    8. Find all the records where verb is either GET or POST

    verb:"GET" or verb:"POST" >> TODAY:11,519 hits >> 15min: 180 hits


    9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.

    clientip: "184.153.198.34" and geoip.city_name: "Watertown" >> TODAY:12 hits >> 15min: no data



    10. Find records with geoip.country_code is US and time zone is America/New_York

    geoip.country_code2: US and geoip.country_code3: US and geoip.timezone: "America/New_York" >> Today: 639 hits >> 15min:10 hits

    ReplyDelete
  3. Muhd Irfan Abdul RahmanFebruary 16, 2022 at 8:51 PM

    Irfan

    1. geoip.country_code2:"US" and geoip.country_code3:"US"
    last 15minutes: 106 hits
    today: 6,272 hits
    last 30 days: 1,759 hits

    2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
    last 15minutes: 77 hits
    today: 5,245 hits
    last 30 days: 1,457 hits

    3. geoip.country_code3:"US" or geoip.country_code3:"IN"
    last 15minutes: 100 hits
    today: 6,328 hits
    last 30 days: 1,827 hits

    4. verb:"GET"
    last 15minutes: 162 hits
    today: 10,747 hits
    last 30 days: 3,074 hits

    5. request:"/category/software" and response:200
    last 15minutes: 24 hits
    today: 1064 hits
    last 30 days: 326 hits

    6. message:"mozilla"
    last 15minutes: 180 hits
    today: 720 hits
    last 30 days: 3393 hits

    7. not verb:"GET"
    last 15minutes: 17 hits
    today: 770 hits
    last 30 days: 237 hits

    8. verb:"GET" or verb:"POST"
    last 15minutes: 180 hits
    today: 11,517 hits
    last 30 days: 3426 hits

    9. clientip:184.153.198.34 and geoip.city_name:"Watertown"
    last 15minutes: 0 hits
    today: 12 hits
    last 30 days: 2 hits

    10. (geoip.country_code2:"US" or geoip.country_code3:"US") and geoip.timezone:"America/New_York"
    last 15minutes: 9 hits
    today: 639 hits
    last 30 days: 196 hits

    ReplyDelete
  4. NaveenFebruary 16, 2022 at 8:53 PM

    1. geoip.country_code2:"US" and geoip.country_code3:"US"
    2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
    3. geoip.country_code3:"US" or geoip.country_code3:"IN"
    4. verb:"GET"
    5. request:"/category/software" and response:"200"
    6. message:"Mozilla"
    7. not verb:"GET"
    8. verb:"GET" or verb:"POST"
    9. clientip:"184.153.198.34" and geoip.city_name:"Watertown"
    10. geoip.country_code2:"US" and geoip.country_code3:"US" and geoip.timezone:"America/New_York"

    ReplyDelete
  5. JeromeFebruary 16, 2022 at 8:53 PM

    1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)
    - Today: 6,272 hits
    - Last 15mins: 100 hits

    2. Find all the records for users other than US users  (geoip.country_code2 and geoip.country_code3)
    - Today: 5,247 hits
    - Last 15mins: 86 hits

    3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN
    - Today: 6,328 hits
    - Last 15mins: 90

    4. Find all the records for verb GET.
    - Today: 10,749 hits
    - Last 15mins: 161

    5. Find all the records with the request is /category/software  and response is 200 for today.
    - Today: 914
    - Last 15mins: 17

    6. Find all the records where message contains Mozilla
    - Today: 11,519
    - Last 15mins: 180

    7. Find all the records where verb is not GET
    - Today: 770
    - Last 15mins: 14
    8. Find all the records where verb is either GET or POST
    - Today: 11,519
    - Last 15mins: 180
    9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.
    - Today: 12
    - Last 15mins: 0
    10 Find recrods with geoip.country_code is US and time zone is America/New_York
    - Today: 639
    - Last 15mins: 10

    ReplyDelete
    Replies
    1. JeromeFebruary 16, 2022 at 9:07 PM

      1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)
      - geoip.country_code2.keyword : "US" and geoip.country_code3.keyword : "US"
      - Today: 6,272 hits
      - Last 15mins: 100 hits

      2. Find all the records for users other than US users  (geoip.country_code2 and geoip.country_code3)
      - NOT geoip.country_code2: US AND NOT geoip.country_code3: US
      - Today: 5,247 hits
      - Last 15mins: 86 hits

      3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN
      - geoip.country_code3.keyword : "US" or geoip.country_code3.keyword : "IN"
      - Today: 6,328 hits
      - Last 15mins: 90

      4. Find all the records for verb GET.
      - verb.keyword : "GET"
      - Today: 10,749 hits
      - Last 15mins: 161

      5. Find all the records with the request is /category/software  and response is 200 for today.
      - request.keyword : "/category/software" and response.keyword : "200"
      - Today: 914
      - Last 15mins: 17

      6. Find all the records where message contains Mozilla
      - message : "mozilla"
      - Today: 11,519
      - Last 15mins: 180

      7. Find all the records where verb is not GET
      - Today: 770
      - Last 15mins: 14

      8. Find all the records where verb is either GET or POST
      - NOT verb.keyword: GET
      - Today: 11,519
      - Last 15mins: 180

      9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.
      - clientip.keyword : "184.153.198.34" and geoip.city_name.keyword : "Watertown"
      - Today: 12
      - Last 15mins: 0

      10 Find recrods with geoip.country_code is US and time zone is America/New_York
      - geoip.country_code2.keyword : "US" and geoip.timezone.keyword : "America/New_York"
      - Today: 639
      - Last 15mins: 10

      Delete
    2. RamanFebruary 16, 2022 at 9:11 PM

      Excellent

      Delete
  6. PongFebruary 16, 2022 at 8:57 PM

    pong

    1. geoip.country_code2:"US" and geoip.country_code3:"US"
    2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
    3. geoip.country_code3:"US" or geoip.country_code3:"IN"
    4. GET
    5. message:"/category/software" and response:200
    6. Mozilla
    7. not GET
    8. GET or POST
    9. geoip.city_name: "Watertown" and 184.153.198.34

    ReplyDelete
  7. kpFebruary 16, 2022 at 9:02 PM

    1. geoip.country_code2:"US" and geoip.country_code3:"US"
    last 15minutes: 106 hits
    today: 6,272 hits
    last 30 days: 1,759 hits

    2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
    last 15minutes: 77 hits
    today: 5,245 hits
    last 30 days: 1,457 hits

    3. geoip.country_code3:"US" or geoip.country_code3:"IN"
    last 15minutes: 100 hits
    today: 6,328 hits
    last 30 days: 1,827 hits

    4. verb:"GET"
    last 15minutes: 162 hits
    today: 10,747 hits
    last 30 days: 3,074 hits

    5. request:"/category/software" and response:200
    last 15minutes: 24 hits
    today: 1064 hits
    last 30 days: 326 hits

    6. message:"mozilla"
    last 15minutes: 180 hits
    today: 720 hits
    last 30 days: 3393 hits

    7. not verb:"GET"
    last 15minutes: 17 hits
    today: 770 hits
    last 30 days: 237 hits

    8. verb:"GET" or verb:"POST"
    last 15minutes: 180 hits
    today: 11,517 hits
    last 30 days: 3426 hits

    9. clientip:184.153.198.34 and geoip.city_name:"Watertown"
    last 15minutes: 0 hits
    today: 12 hits
    last 30 days: 2 hits

    10. (geoip.country_code2:"US" or geoip.country_code3:"US") and geoip.timezone:"America/New_York"
    last 15minutes: 9 hits
    today: 639 hits
    last 30 days: 196 hits

    ReplyDelete
  8. Chin YZFebruary 16, 2022 at 9:09 PM

    1. geoip.country_code2 : "US" and geoip.country_code3 : "US"
    2. not geoip.country_code2 : "US" and geoip.country_code3 : "US"
    3. geoip.country_code3 : ("US" or "IN")
    4. verb : "GET"
    5. message : "/category/software" and response : 200
    6. message : "Mozilla"
    7. not GET
    8. verb : GET or POST
    9. geoip.city_name : "Watertown" and 184.153.198.34
    10. geoip.country_code3 : "US" and geoip.timezone : "America/New_York"

    ReplyDelete
  9. UnknownFebruary 16, 2022 at 9:11 PM

    This comment has been removed by the author.

    ReplyDelete

Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,DockerCompose,1,ELK,2,git,2,git quiz,1,Git Worksheet,1,ITIL,1,ITSM,1,Jira,3,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SDLC Quiz,5,SonarQube,3,Splunk,2,vagrant kubernetes,1,Windows,1,YAML Basics,1,
ltr
item
DevOpsWorld: ELK Assignment
ELK Assignment
DevOpsWorld
https://www.devopsworld.co.in/2022/02/elk-assignment.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2022/02/elk-assignment.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content