I’m looking for an explanation of how the variance function works when used in an alert definition.
Let’s say I want to be notified if there is a significant variance in the 24h for malicious sites.
How does Graylog calculate the variance in that case? How many/which intervals are used for the calculation? Unfortunately, it isn’t well documented…
Many thanks again!