I’m want to trigger action when from a single ‘host’ a specific log crosses a threshold of 100 / hour.
What I have now is getting the total count and triggering the alarm, but I want to group by bucket.
Field name is - ‘host’.
Also, in the condition I need to have the time range; ie. 100 / hour. Thanks in advance. I am new to scripting.