I have been curious for a while about Kibana’s Vega log parsing options, looking to come up with displays and layouts that aren’t standard in Kibana. A lot of the potential layouts already exist in Kibana, but some of the others aren’t easily created, and using Vega [2] provides some of the building blocks to create some of the output that I am researching and testing with DShield sensor data captured by the cowrie honeypot [4].
Article Link: Vega-Lite with Kibana to Parse and Display IP Activity over Time - SANS Internet Storm Center