I’m trying on my Graylog (version 4.0 on ELS OSS 7.10) to create alerts for bruteforce on my application. When creating a event, and selecting the option “Aggregation of results reaches a threshold”, you find a section " Create Events for Definition".
Here there’s the possibility to define some options to follow. Anyways, I din’t find anything in the Doc that explains what this functions (count, sttddev, card, ecc) does.
Where can I find some explanation?