ELK Assignment

Wednesday, February 16, 2022

ELK Assignment

It is on the basis of Apache Log data ( https://logz.io/sample-data).

Run below queries on different time interval (today, last 15 mins...) and check the count of Hits and also check the visualization in form of bar chart.

1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)

2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)

3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN

4. Find all the records for verb GET.

5. Find all the records with the request is /category/software and response is 200 for today.

6. Find all the records where message contains Mozilla

7. Find all the records where verb is not GET

8. Find all the records where verb is either GET or POST

9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.

10 Find recrods with geoip.country_code is US and time zone is America/New_York

17 comments:

Asyraf said...: Asyraf

1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)

geoip.country_code2:"US" and geoip.country_code3:"US"

2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)

not geoip.country_code2:"US" and not geoip.country_code3:"US"

3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN

geoip.country_code3: US or geoip.country_code3: IN

4. Find all the records for verb GET.

verb: "GET"

5. Find all the records with the request is /category/software and response is 200 for today.

request: "/category/software" and response:"200"

6. Find all the records where message contains Mozilla

message: "Mozilla"

7. Find all the records where verb is not GET

NOT verb:"GET"

8. Find all the records where verb is either GET or POST

verb:"GET" or verb:"POST"

9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.

clientip: "184.153.198.34" and geoip.city_name: "Watertown"

10 Find recrods with geoip.country_code is US and time zone is America/New_York

geoip.country_code2: "US" and geoip.country_code3: "US" and geoip.timezone: "America/New_York"; February 16, 2022 at 8:39 PM
Unknown said...: Mikraj

1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)

geoip.country_code2:US and geoip.country_code3:US >> TODAY: 6272 hits >> last 15min: 104 hits

2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)

not geoip.country_code2:US and not geoip.country_code3:US >> TODAY: 5247 hits >> last 15min: 76 hits

3. Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN

geoip.country_code3: US or geoip.country_code3: IN >> TODAY:6,328 hits >> 15min:101 hits

4. Find all the records for verb GET.

verb: GET >> TODAY: 10,749 hits >> 15min: 164 hits

5. Find all the records with the request is /category/software and response is 200 for today.

request: "/category/software" and response: 200 >> TODAY: 1,064 hits

6. Find all the records where message contains Mozilla

message: "Mozilla" >> TODAY: 11,519 hits >> 15min: 180 hits

7. Find all the records where verb is not GET

not verb:"GET" >>TODAY: 770 hits >> 15min: 18 hits

8. Find all the records where verb is either GET or POST

verb:"GET" or verb:"POST" >> TODAY:11,519 hits >> 15min: 180 hits

9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.

clientip: "184.153.198.34" and geoip.city_name: "Watertown" >> TODAY:12 hits >> 15min: no data

10. Find records with geoip.country_code is US and time zone is America/New_York

geoip.country_code2: US and geoip.country_code3: US and geoip.timezone: "America/New_York" >> Today: 639 hits >> 15min:10 hits; February 16, 2022 at 8:51 PM
Muhd Irfan Abdul Rahman said...: Irfan

1. geoip.country_code2:"US" and geoip.country_code3:"US"
last 15minutes: 106 hits
today: 6,272 hits
last 30 days: 1,759 hits

2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
last 15minutes: 77 hits
today: 5,245 hits
last 30 days: 1,457 hits

3. geoip.country_code3:"US" or geoip.country_code3:"IN"
last 15minutes: 100 hits
today: 6,328 hits
last 30 days: 1,827 hits

4. verb:"GET"
last 15minutes: 162 hits
today: 10,747 hits
last 30 days: 3,074 hits

5. request:"/category/software" and response:200
last 15minutes: 24 hits
today: 1064 hits
last 30 days: 326 hits

6. message:"mozilla"
last 15minutes: 180 hits
today: 720 hits
last 30 days: 3393 hits

7. not verb:"GET"
last 15minutes: 17 hits
today: 770 hits
last 30 days: 237 hits

8. verb:"GET" or verb:"POST"
last 15minutes: 180 hits
today: 11,517 hits
last 30 days: 3426 hits

9. clientip:184.153.198.34 and geoip.city_name:"Watertown"
last 15minutes: 0 hits
today: 12 hits
last 30 days: 2 hits

10. (geoip.country_code2:"US" or geoip.country_code3:"US") and geoip.timezone:"America/New_York"
last 15minutes: 9 hits
today: 639 hits
last 30 days: 196 hits; February 16, 2022 at 8:51 PM
Naveen said...: 1. geoip.country_code2:"US" and geoip.country_code3:"US"
2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
3. geoip.country_code3:"US" or geoip.country_code3:"IN"
4. verb:"GET"
5. request:"/category/software" and response:"200"
6. message:"Mozilla"
7. not verb:"GET"
8. verb:"GET" or verb:"POST"
9. clientip:"184.153.198.34" and geoip.city_name:"Watertown"
10. geoip.country_code2:"US" and geoip.country_code3:"US" and geoip.timezone:"America/New_York"; February 16, 2022 at 8:53 PM
Jerome said...: 1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)
- Today: 6,272 hits
- Last 15mins: 100 hits

2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)
- Today: 5,247 hits
- Last 15mins: 86 hits

3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN
- Today: 6,328 hits
- Last 15mins: 90

4. Find all the records for verb GET.
- Today: 10,749 hits
- Last 15mins: 161

5. Find all the records with the request is /category/software and response is 200 for today.
- Today: 914
- Last 15mins: 17

6. Find all the records where message contains Mozilla
- Today: 11,519
- Last 15mins: 180

7. Find all the records where verb is not GET
- Today: 770
- Last 15mins: 14
8. Find all the records where verb is either GET or POST
- Today: 11,519
- Last 15mins: 180
9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.
- Today: 12
- Last 15mins: 0
10 Find recrods with geoip.country_code is US and time zone is America/New_York
- Today: 639
- Last 15mins: 10; February 16, 2022 at 8:53 PM
Pong said...: pong

1. geoip.country_code2:"US" and geoip.country_code3:"US"
2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
3. geoip.country_code3:"US" or geoip.country_code3:"IN"
4. GET
5. message:"/category/software" and response:200
6. Mozilla
7. not GET
8. GET or POST
9. geoip.city_name: "Watertown" and 184.153.198.34; February 16, 2022 at 8:57 PM
kp said...: 1. geoip.country_code2:"US" and geoip.country_code3:"US"
last 15minutes: 106 hits
today: 6,272 hits
last 30 days: 1,759 hits

2. not geoip.country_code2:"US" and not geoip.country_code3:"US"
last 15minutes: 77 hits
today: 5,245 hits
last 30 days: 1,457 hits

3. geoip.country_code3:"US" or geoip.country_code3:"IN"
last 15minutes: 100 hits
today: 6,328 hits
last 30 days: 1,827 hits

4. verb:"GET"
last 15minutes: 162 hits
today: 10,747 hits
last 30 days: 3,074 hits

5. request:"/category/software" and response:200
last 15minutes: 24 hits
today: 1064 hits
last 30 days: 326 hits

6. message:"mozilla"
last 15minutes: 180 hits
today: 720 hits
last 30 days: 3393 hits

7. not verb:"GET"
last 15minutes: 17 hits
today: 770 hits
last 30 days: 237 hits

8. verb:"GET" or verb:"POST"
last 15minutes: 180 hits
today: 11,517 hits
last 30 days: 3426 hits

9. clientip:184.153.198.34 and geoip.city_name:"Watertown"
last 15minutes: 0 hits
today: 12 hits
last 30 days: 2 hits

10. (geoip.country_code2:"US" or geoip.country_code3:"US") and geoip.timezone:"America/New_York"
last 15minutes: 9 hits
today: 639 hits
last 30 days: 196 hits; February 16, 2022 at 9:02 PM
Jerome said...: 1. Find all the records for US users (geoip.country_code2 and geoip.country_code3)
- geoip.country_code2.keyword : "US" and geoip.country_code3.keyword : "US"
- Today: 6,272 hits
- Last 15mins: 100 hits

2. Find all the records for users other than US users (geoip.country_code2 and geoip.country_code3)
- NOT geoip.country_code2: US AND NOT geoip.country_code3: US
- Today: 5,247 hits
- Last 15mins: 86 hits

3.Find all the records for users in CountryCode3( geoip.country_code3) is either US or IN
- geoip.country_code3.keyword : "US" or geoip.country_code3.keyword : "IN"
- Today: 6,328 hits
- Last 15mins: 90

4. Find all the records for verb GET.
- verb.keyword : "GET"
- Today: 10,749 hits
- Last 15mins: 161

5. Find all the records with the request is /category/software and response is 200 for today.
- request.keyword : "/category/software" and response.keyword : "200"
- Today: 914
- Last 15mins: 17

6. Find all the records where message contains Mozilla
- message : "mozilla"
- Today: 11,519
- Last 15mins: 180

7. Find all the records where verb is not GET
- Today: 770
- Last 15mins: 14

8. Find all the records where verb is either GET or POST
- NOT verb.keyword: GET
- Today: 11,519
- Last 15mins: 180

9. Find all the records where clientip is 184.153.198.34 and geoip.cityname Watertown.
- clientip.keyword : "184.153.198.34" and geoip.city_name.keyword : "Watertown"
- Today: 12
- Last 15mins: 0

10 Find recrods with geoip.country_code is US and time zone is America/New_York
- geoip.country_code2.keyword : "US" and geoip.timezone.keyword : "America/New_York"
- Today: 639
- Last 15mins: 10; February 16, 2022 at 9:07 PM
Chin YZ said...: 1. geoip.country_code2 : "US" and geoip.country_code3 : "US"
2. not geoip.country_code2 : "US" and geoip.country_code3 : "US"
3. geoip.country_code3 : ("US" or "IN")
4. verb : "GET"
5. message : "/category/software" and response : 200
6. message : "Mozilla"
7. not GET
8. verb : GET or POST
9. geoip.city_name : "Watertown" and 184.153.198.34
10. geoip.country_code3 : "US" and geoip.timezone : "America/New_York"; February 16, 2022 at 9:09 PM
Raman said...: Great work; February 16, 2022 at 9:10 PM
Raman said...: Great work; February 16, 2022 at 9:10 PM
Raman said...: Excellent; February 16, 2022 at 9:11 PM
Raman said...: Great Work; February 16, 2022 at 9:11 PM
Raman said...: Excellent; February 16, 2022 at 9:11 PM
Unknown said...: This comment has been removed by the author.; February 16, 2022 at 9:11 PM
Raman said...: Keneth Good work; February 16, 2022 at 9:12 PM
Raman said...: Great; February 16, 2022 at 9:12 PM

Followers

Pages

DevOpsWorld

Wednesday, February 16, 2022

ELK Assignment

17 comments:

Post a Comment

DevOps Tutorial List

Popular Posts

Search This Blog