Hi, I am getting logs into Graylog in JSON format, and the source address field in the JSON is considered by the Geo-location plugin, which provides proper country + city details.
Now, is there any way in Graylog or a plugin to consider 2 fields, “user” + “gio_location”, and say that if within 1 hr the user tried to access from 2 different locations, then an alert needs to be raised?
I am already using the aggregator plugin but am not able to implement this kind of use case. Or please provide me some options for how I can implement this kind of complex use case.
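The rule described in the post above (same "user", two different "gio_location" values within 1 hr), written as a stand-alone sliding-window check over exported JSON messages. This is an added example, not part of the original post and not a Graylog plugin or API; the "timestamp" field name and the sample messages are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # "within 1 hr" from the post

# Constructed sample messages; "timestamp" is an assumed field name.
SAMPLE_LOGS = [
    '{"timestamp": "2024-05-01T10:00:00", "user": "alice", "gio_location": "Berlin, DE"}',
    '{"timestamp": "2024-05-01T10:05:00", "user": "bob", "gio_location": "Pune, IN"}',
    '{"timestamp": "2024-05-01T10:20:00", "user": "alice", "gio_location": "Berlin, DE"}',
    '{"timestamp": "2024-05-01T10:40:00", "user": "alice", "gio_location": "Lagos, NG"}',
    '{"timestamp": "2024-05-01T11:30:00", "user": "bob", "gio_location": "Austin, US"}',
    'not json',
    '{"timestamp": "2024-05-01T11:50:00", "user": "alice", "gio_location": "Lagos, NG"}',
]


def parse(lines):
    """Yield (time, user, location) per JSON line, skipping unusable records."""
    for line in lines:
        try:
            rec = json.loads(line)
            yield (datetime.fromisoformat(rec["timestamp"]),
                   rec["user"], rec["gio_location"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed JSON, missing field, or bad timestamp


def detect_location_changes(lines, window=WINDOW):
    """Alert on every event whose location differs from one the same user
    had within the preceding window."""
    recent = defaultdict(deque)  # user -> (time, location) pairs still in window
    alerts = []
    for ts, user, loc in sorted(parse(lines)):  # process in time order
        seen = recent[user]
        while seen and ts - seen[0][0] > window:
            seen.popleft()  # expire events older than the window
        others = {prev for _, prev in seen if prev != loc}
        if others:
            alerts.append({"user": user, "time": ts.isoformat(),
                           "location": loc, "previous": sorted(others)})
        seen.append((ts, loc))
    return alerts


if __name__ == "__main__":
    for alert in detect_location_changes(SAMPLE_LOGS):
        print(alert)
```

Only alice's 10:40 event alerts here: bob's two locations are more than an hour apart, and by 11:50 alice's earlier events have expired from the window.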