I believe that, at the moment, the pipeline doesn't offer an aggregation feature, which is a must to achieve this. I would appreciate it if anyone knows of any workaround to achieve this.

On Sunday, September 4, 2016 at 2:51:02 PM UTC+5:30, Ajay Kumar wrote:
>
> Hi All,
>
> I am learning Graylog to use as a SIEM solution. As per my knowledge, we
> can use only the pipeline processor feature for the below scenario:
>
> Alert when 5 authentication failures followed by a successful logon by
> that same origin login
>
> I have gone through the documentation but am unable to understand how to achieve this.
>
> I would appreciate it if someone can help me.
>
> Regards,
>
> Jay
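
The scenario from this thread, evaluated over a time-ordered list of authentication events, as an added example that is not part of either post and is not Graylog code: it keeps per-origin state across messages, which is the aggregation the reply refers to. The field names `timestamp`, `origin` and `outcome` and the 10-minute window are assumptions; the thread specifies neither.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # failures required, from the scenario
WINDOW = timedelta(minutes=10)   # assumption: the scenario names no window


def correlate(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per success that follows >= threshold failures
    from the same origin within the window. Events must be time-ordered."""
    failures = defaultdict(deque)  # origin -> timestamps of recent failures
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["timestamp"])
        recent = failures[ev["origin"]]
        # Expire failures that have fallen out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if ev["outcome"] == "failure":
            recent.append(ts)
        elif ev["outcome"] == "success":
            if len(recent) >= threshold:
                alerts.append({"origin": ev["origin"],
                               "failures": len(recent),
                               "first_failure": recent[0].isoformat(),
                               "success_at": ts.isoformat()})
            recent.clear()  # a success ends the failure streak either way
    return alerts


def _ev(minute, second, origin, outcome):
    """Build one constructed event with the assumed field names."""
    return {"timestamp": f"2016-09-04T09:{minute:02d}:{second:02d}",
            "origin": origin, "outcome": outcome}


# Constructed sample events (not real logs), already sorted by time.
SAMPLE_EVENTS = (
    [_ev(0, s, "alice", "failure") for s in range(0, 50, 10)]  # 5 failures
    + [_ev(1, 0, "alice", "success")]                           # alert
    + [_ev(2, s, "bob", "failure") for s in range(0, 40, 10)]  # only 4
    + [_ev(3, 0, "bob", "success")]                             # no alert
    + [_ev(4, s, "carol", "failure") for s in range(0, 50, 10)]
    + [_ev(30, 0, "carol", "success")]                          # window expired
)

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The failure streak is cleared on every success, so a later successful logon does not re-alert on the same failures.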
