Sidehistorik
...
the problem her, is that the data is persistent in Elasticsearch, and Changes to IP's and Devices are not reflected. In Splunk I solved this with a lookup, but now we can do it in Kibana with scripted fields in the new "Painless" language that also states : The Painless syntax is similar to Groovy.
Scripted fields are found in the Management section:
...
And the success is eminent:
In Logstash I had the possibility to return 3 fields in one bulk (IPOwner, Device and Interface), but I assume that with Scripted fields I need to make a scripted field pr. field.