I am trying to get an alert if any IP has X or more count or sessions open within a specific time frame. How can I do that?

I (we) have no idea what you currently have, what you have tried or where you are stuck…

Read through this; it will help you figure out how to format your question in a way that is more conducive to forum help.


Use Aggregation:

Group by src_ip and count() > X
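What the aggregation suggested above computes, as an added Python example that is not part of the original thread or of any product's alerting engine: events are grouped by `src_ip`, counted over a sliding time window, and an alert is raised when the count first goes above X. The function name, the event tuples and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, src_ip); not taken from any real log.
EVENTS = [
    ("2024-01-01T10:00:00", "198.51.100.23"),
    ("2024-01-01T10:00:05", "192.0.2.7"),
    ("2024-01-01T10:00:10", "198.51.100.23"),
    ("2024-01-01T10:00:20", "198.51.100.23"),
    ("2024-01-01T10:00:30", "198.51.100.23"),
    ("2024-01-01T10:00:40", "198.51.100.23"),
    ("2024-01-01T10:00:50", "192.0.2.7"),
    ("2024-01-01T10:01:30", "192.0.2.7"),
    ("2024-01-01T10:02:20", "192.0.2.7"),
    ("2024-01-01T10:05:00", "198.51.100.23"),
    ("2024-01-01T10:05:05", "198.51.100.23"),
    ("2024-01-01T10:05:10", "198.51.100.23"),
    ("2024-01-01T10:05:15", "198.51.100.23"),
]


def alerts(events, threshold, window):
    """Group by src_ip and alert when count() > threshold inside `window`.

    Returns (timestamp, src_ip, count) once per burst: an IP that stays
    above the threshold does not re-alert until it has dropped back.
    For "X or more" instead of "more than X", pass threshold = X - 1.
    """
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    firing = set()                # IPs currently above the threshold
    out = []
    parsed = sorted((datetime.fromisoformat(t), ip) for t, ip in events)
    for ts, ip in parsed:
        q = recent[ip]
        q.append(ts)
        # Drop events older than the window relative to the current event.
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            if ip not in firing:
                firing.add(ip)
                out.append((ts.isoformat(), ip, len(q)))
        else:
            firing.discard(ip)
    return out


if __name__ == "__main__":
    for hit in alerts(EVENTS, threshold=3, window=timedelta(seconds=60)):
        print(hit)
```

In the sample data `192.0.2.7` has four events in total but never more than two inside any 60-second window, so it does not alert; that is the difference between a plain count and a count bounded by the time frame.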
