Alert eventid and ip source.How to have corelation

Corentin · June 20, 2018, 9:04am

Hello

I programmed an alert when on my stream has 5 eventid 4625 on 5minute I would like to add a condition that it comes from the same ip source.

how i can do that ?

Corentin · June 20, 2018, 2:48pm

Nobody know how to do that

jochen · June 20, 2018, 3:00pm

This is a community forum in which people are helping in their free time. You cannot expect to get an answer or even a reply within a given time.

If you want authoritative answers within a certain time, you’ll have to buy professional support:
https://www.graylog.org/pricing

Corentin · June 21, 2018, 7:09am

Ok thank you, have nice day

system · July 5, 2018, 7:09am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alert email format Graylog Central (peer support)	12	2248	September 18, 2020
Advanced Searches - Graylog Graylog Central (peer support)	1	522	November 15, 2017
Alert: logID + log content Graylog Central (peer support)	2	397	January 2, 2020
Stream how do correlation betwen 2 rules Graylog Central (peer support)	8	2169	June 29, 2018
Alert agreggation with content Graylog Central (peer support)	3	682	December 20, 2018