Configure the anomaly detector to find unusual logon

Hello everyone,
I have a document with an IP address and a username. A user in a country can have an IP address in a specific range, for example from 192.168.0.0 up to 192.168.0.255. That means, for example, that the user logs on from France. I want to detect if the user changes location at login. I am configuring the detector so that my feature is the IP address with the aggregation Min.
    {
      "data_win_eventdata_ip_address": {
        "min": {
          "field": "data.win.eventdata.ipAddress"
        }
      }
    }
Furthermore, I have added a category with the field IP Address.
But that does not seem to work. Can someone please help me with how I can configure it suitably?
Thank you!
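
The check described in the post, written as stand-alone logic outside the anomaly detector (an added example, not part of the original post and not a detector configuration): each user's first logon sets a baseline network, and later logons from a different network are flagged. The `targetUserName` field name, the /24 and /64 range widths, and the sample events are assumptions.

```python
import ipaddress
import json

# Constructed sample events. ipAddress uses the field path from the post;
# targetUserName is an assumed name for the username field.
SAMPLE_EVENTS = [
    '{"data":{"win":{"eventdata":{"targetUserName":"alice","ipAddress":"192.168.0.17"}}}}',
    '{"data":{"win":{"eventdata":{"targetUserName":"bob","ipAddress":"10.20.30.5"}}}}',
    '{"data":{"win":{"eventdata":{"targetUserName":"alice","ipAddress":"192.168.0.200"}}}}',
    '{"data":{"win":{"eventdata":{"targetUserName":"alice","ipAddress":"-"}}}}',
    '{"data":{"win":{"eventdata":{"targetUserName":"alice","ipAddress":"203.0.113.9"}}}}',
    '{"data":{"win":{"eventdata":{"targetUserName":"bob","ipAddress":"10.20.30.77"}}}}',
]


def network_of(ip_text, v4_prefix=24, v6_prefix=64):
    """Return the network enclosing an address, or None if it does not parse."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # e.g. "-" or an empty value in the address field
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_location_changes(lines):
    """Flag logons whose network differs from the user's first-seen network."""
    baseline = {}  # user -> network of the first logon seen for that user
    alerts = []
    for line in lines:
        ev = json.loads(line)["data"]["win"]["eventdata"]
        user = ev.get("targetUserName")
        net = network_of(ev.get("ipAddress", ""))
        if user is None or net is None:
            continue  # skip events without a usable user or address
        known = baseline.setdefault(user, net)
        if net != known:
            alerts.append((user, str(known), ev["ipAddress"]))
    return alerts


if __name__ == "__main__":
    for user, expected, seen in find_location_changes(SAMPLE_EVENTS):
        print(f"{user}: expected {expected}, logged on from {seen}")
```
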
