I want to have a graph that shows me where multiple account names are coming from a single IP.
So I have all of these log lines where I have an account name and an IP.
How can I see a graph that will show me the largest IPs that have multiple account names? Not the highest count for an IP, because I don't care if a single account logs in from a single IP 100 times. What I care about is if a single IP has a hundred accounts logging in from that IP.
I don't quite understand what subaggregations to make.
And what would this kind of query be called? It's kind of a many-to-one thing.
