Filter scripts for same time interval


I'm new to Elasticsearch. My question is that I need to filter my logs for successful brute force attacks. The criteria that I'm using: I want logs that have the same time intervals (Mirror Time), have more than three authentication failures, and have logged in successfully after the 3rd authentication failure.

What I need help with is a filter script query that can give me those logs. If I am using the wrong criteria, please correct me.
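The correlation the question describes (more than three failures, then a success, all inside one time window, for the same source and account) is a sequence over several documents rather than a filter on one. As an added example that is not part of this thread, the Python below applies that criterion to constructed documents; the ECS-style field names, the five-minute window and the (source.ip, user.name) grouping are assumptions, since the post does not show its documents.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def doc(ts, ip, user, outcome):
    # Constructed document in an Elasticsearch/ECS-like shape (assumed field names).
    return {"@timestamp": ts, "source.ip": ip, "user.name": user, "event.outcome": outcome}


SAMPLE_DOCS = [
    # alice: four failures then a success within 40 seconds -> flagged
    doc("2024-01-01T10:00:00Z", "10.0.0.5", "alice", "failure"),
    doc("2024-01-01T10:00:10Z", "10.0.0.5", "alice", "failure"),
    doc("2024-01-01T10:00:20Z", "10.0.0.5", "alice", "failure"),
    doc("2024-01-01T10:00:30Z", "10.0.0.5", "alice", "failure"),
    doc("2024-01-01T10:00:40Z", "10.0.0.5", "alice", "success"),
    # bob: only two failures before the success -> not flagged
    doc("2024-01-01T11:00:00Z", "10.0.0.9", "bob", "failure"),
    doc("2024-01-01T11:00:05Z", "10.0.0.9", "bob", "failure"),
    doc("2024-01-01T11:00:10Z", "10.0.0.9", "bob", "success"),
    # carol: four failures, but the success is an hour later, outside a 5-minute window
    doc("2024-01-01T12:00:00Z", "10.0.0.7", "carol", "failure"),
    doc("2024-01-01T12:00:10Z", "10.0.0.7", "carol", "failure"),
    doc("2024-01-01T12:00:20Z", "10.0.0.7", "carol", "failure"),
    doc("2024-01-01T12:00:30Z", "10.0.0.7", "carol", "failure"),
    doc("2024-01-01T13:00:00Z", "10.0.0.7", "carol", "success"),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_successful_brute_force(docs, window=timedelta(minutes=5), min_failures=4):
    """Return (key, success_doc) pairs where the same (source.ip, user.name)
    had at least min_failures failures (default 4, i.e. more than three)
    inside `window` before a successful login."""
    by_key = defaultdict(list)
    for d in docs:
        by_key[(d["source.ip"], d["user.name"])].append(d)
    hits = []
    for key, events in by_key.items():
        events.sort(key=lambda d: parse_ts(d["@timestamp"]))  # order by time per group
        for i, ev in enumerate(events):
            if ev["event.outcome"] != "success":
                continue
            t_success = parse_ts(ev["@timestamp"])
            # Count only failures that precede this success and fall inside the window.
            failures = sum(1 for prior in events[:i]
                           if prior["event.outcome"] == "failure"
                           and t_success - parse_ts(prior["@timestamp"]) <= window)
            if failures >= min_failures:
                hits.append((key, ev))
    return hits
```

A plain filter query in Elasticsearch evaluates each document on its own and cannot express this ordering across documents; that is what a sequence query (EQL) or an aggregation over the grouped events is for.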

Maybe you could give an example of one of the documents in Elasticsearch so we can help with this question.
