Alert/IP/Counts

Hi,

I am trying to get an alert if any IP has x or more count or sessions open within a specific time frame. How can I do that?

I (we) have no idea what you currently have, what you have tried or where you are stuck…

Read through this (https://community.graylog.org/faq); it will help you figure out how to format your question in a way that is more conducive to forum help.


Use Aggregation: https://docs.graylog.org/en/4.0/pages/alerts.html#aggregation

Group by src_ip and count() > X
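
The grouping and threshold from the reply above, written out as an added example that is not part of the thread and is not Graylog code: it evaluates "group by src_ip, count() > X" over a search window on each scheduled run. The field name `src_ip` comes from the reply; the timestamps, addresses, window length, schedule and function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample messages (timestamp, src_ip); not real log data.
SAMPLE = [
    ("2021-03-01T10:00:05", "10.0.0.5"),
    ("2021-03-01T10:00:20", "10.0.0.5"),
    ("2021-03-01T10:00:40", "10.0.0.9"),
    ("2021-03-01T10:03:10", "10.0.0.5"),
    ("2021-03-01T10:04:30", "10.0.0.5"),
    ("2021-03-01T10:04:55", "10.0.0.9"),
    ("2021-03-01T10:07:15", "10.0.0.5"),
]

def parse(events):
    """Turn ISO timestamp strings into datetime objects."""
    return [(datetime.fromisoformat(ts), ip) for ts, ip in events]

def ips_over_threshold(events, window_end, window, threshold):
    """Group by src_ip inside (window_end - window, window_end]; keep count() > threshold."""
    start = window_end - window
    counts = Counter(ip for ts, ip in events if start < ts <= window_end)
    return {ip: n for ip, n in counts.items() if n > threshold}

def run_schedule(events, first_run, runs, every, window, threshold):
    """Evaluate the condition at each scheduled run; return the runs that would alert."""
    alerts = []
    for i in range(runs):
        run_time = first_run + i * every
        hits = ips_over_threshold(events, run_time, window, threshold)
        if hits:
            alerts.append((run_time, hits))
    return alerts

if __name__ == "__main__":
    events = parse(SAMPLE)
    # Search the last 5 minutes, every 5 minutes, alert when count() > 3.
    for when, hits in run_schedule(events, datetime(2021, 3, 1, 10, 5), 2,
                                   timedelta(minutes=5), timedelta(minutes=5), 3):
        print(when.isoformat(), hits)
```

The comparison is strict, so an IP with exactly X messages does not match `count() > X`; to alert at "X or more", set the threshold to X - 1.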
