You can count the number of events in a time span. To get an alarm for 3 or more events in a rolling 30-minute window:
{HOST:eventlog[Security,,,,4625,,skip].count(30m,"4625",regexp)}>=3
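
The rolling-window behaviour of this trigger, modelled in Python as an added example (not Zabbix code and not part of the original answer). The event timestamps are constructed, and treating the window as half-open, so that an event exactly 30 minutes old no longer counts, is an assumption of this model.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # the "30m" argument of count()
THRESHOLD = 3                    # the ">=3" comparison in the trigger

# Constructed sample: collection times of event ID 4625 (failed logon) entries.
SAMPLE_EVENTS = [
    datetime(2024, 1, 1, 9, 0),
    datetime(2024, 1, 1, 9, 20),
    datetime(2024, 1, 1, 9, 40),
    datetime(2024, 1, 1, 9, 45),
    datetime(2024, 1, 1, 10, 30),
]


def count_in_window(events, now, window=WINDOW):
    """Count events with now - window < t <= now (assumed half-open window)."""
    return sum(1 for t in events if now - window < t <= now)


def evaluate(events, checks, threshold=THRESHOLD, window=WINDOW):
    """Evaluate the trigger at each check time.

    Returns a list of (check_time, count, in_problem_state) tuples, so the
    moment the alarm fires and the moment it clears are both visible.
    """
    results = []
    for now in sorted(checks):
        n = count_in_window(events, now, window)
        results.append((now, n, n >= threshold))
    return results


if __name__ == "__main__":
    # Check at every event arrival plus one quiet moment with no new event,
    # to show old events aging out of the window.
    checks = SAMPLE_EVENTS + [datetime(2024, 1, 1, 10, 20)]
    for now, n, problem in evaluate(SAMPLE_EVENTS, checks):
        state = "PROBLEM" if problem else "OK"
        print(f"{now:%H:%M}  count(30m)={n}  {state}")
```

Three events spread over 40 minutes (09:00, 09:20, 09:40) do not fire the trigger; it fires at 09:45, when three events fall inside the same 30 minutes, and clears once they age out.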