Hi,
I am trying to get an alert if any IP has x or more count or sessions open within a specific time frame. How can I do that?
I (we) have no idea what you currently have, what you have tried or where you are stuck…
Read through this (https://community.graylog.org/faq) it will help you figure out how to format your question in a way that is more conducive to forum help.
Use Aggregation: https://docs.graylog.org/en/4.0/pages/alerts.html#aggregation
Group by src_ip and count() > X
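What the suggested aggregation evaluates, as an added example that is not part of the original thread and is not Graylog code: messages are grouped by `src_ip` over a time window and a group alerts when its count exceeds X. The names `parse`, `offenders` and `run_schedule` are hypothetical, the sample messages are constructed, and `within` / `every` are assumed to model the event definition's search window and execution interval.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample messages: "<ISO timestamp> src_ip=<address>" (documentation IP ranges).
SAMPLE = """\
2024-01-01T12:00:10 src_ip=192.0.2.5
2024-01-01T12:00:20 src_ip=192.0.2.5
2024-01-01T12:00:30 src_ip=198.51.100.20
2024-01-01T12:00:40 src_ip=192.0.2.5
2024-01-01T12:00:50 src_ip=192.0.2.5
2024-01-01T12:01:50 src_ip=203.0.113.9
2024-01-01T12:01:55 src_ip=203.0.113.9
2024-01-01T12:02:05 src_ip=203.0.113.9
2024-01-01T12:02:10 src_ip=203.0.113.9
""".splitlines()

def parse(line):
    """Split one sample line into (datetime, src_ip)."""
    ts, field = line.split()
    return datetime.fromisoformat(ts), field.split("=", 1)[1]

EVENTS = [parse(line) for line in SAMPLE]

def offenders(events, now, within, threshold):
    """Group by src_ip over (now - within, now]; keep groups with count() > threshold."""
    start = now - within
    counts = Counter(ip for ts, ip in events if start < ts <= now)
    return {ip: n for ip, n in counts.items() if n > threshold}

def run_schedule(events, first_run, runs, every, within, threshold):
    """Evaluate the condition at each scheduled run; return [(run_time, {ip: count})]."""
    alerts = []
    for i in range(runs):
        now = first_run + i * every
        hits = offenders(events, now, within, threshold)
        if hits:
            alerts.append((now, hits))
    return alerts

if __name__ == "__main__":
    first = datetime(2024, 1, 1, 12, 1)
    for minutes in (1, 2):  # window equal to the interval, then twice the interval
        found = run_schedule(EVENTS, first, 3, timedelta(minutes=1),
                             timedelta(minutes=minutes), threshold=3)
        print(f"within={minutes}m:", [(t.time().isoformat(), h) for t, h in found])
```

With a 1-minute window run every minute, the burst from 203.0.113.9 that straddles 12:02:00 never exceeds the threshold in any single window. A 2-minute window catches it, at the cost of repeating the alert for 192.0.2.5 on the next run.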