I am specifically looking at two messages sent by an application. If message A has been received prior to message B, show the application on the data table. If message B has been received prior to message A, don’t show the application in the data table. Is there a way of constructing a query to group on criteria like this?
Hello && Welcome @craab
Not sure about using a widget, might take some time to get the output you want. As for Alerts, the Event Definitions have a Correlation Engine. Other than that, I'm not sure.
Unfortunately we are looking to incorporate this into a dashboard.