Is there a functionality to track server / geolocation? I need an alert to go off if the geolocation changes, but I'm not sure what functionality will achieve this.
Are you looking into Elastic Security or Alerting rules for this? Just wondering.
Maybe I would suggest trying to create a transformation job for this. For example, the Impossible Travel rule:
If that does not meet your needs, you can still use a transformation rule to group by a unique field and aggregate by the location field.
I am attempting the Transforms, but don't see aggregation by last state, only cardinality, value_count, filter, top_metric, terms.
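
The approach suggested in the thread (group by a unique field, aggregate on the location field), written out as a request body for `PUT _transform/<transform_id>`. This is an added example, not part of the original posts. It uses a `top_metrics` aggregation sorted by timestamp to capture the most recent location, and assumes a `logs-*` source index, ECS-style `host.name` and `source.geo.country_iso_code` fields, and a destination index named `host-geo-state`.

```json
{
  "description": "Added example: index names and field names are assumptions, adjust to your data",
  "source": {
    "index": "logs-*"
  },
  "pivot": {
    "group_by": {
      "host": {
        "terms": { "field": "host.name" }
      }
    },
    "aggregations": {
      "distinct_countries": {
        "cardinality": { "field": "source.geo.country_iso_code" }
      },
      "last_location": {
        "top_metrics": {
          "metrics": [
            { "field": "source.geo.country_iso_code" }
          ],
          "sort": { "@timestamp": "desc" }
        }
      },
      "last_seen": {
        "max": { "field": "@timestamp" }
      }
    }
  },
  "dest": {
    "index": "host-geo-state"
  },
  "frequency": "5m",
  "sync": {
    "time": {
      "field": "@timestamp",
      "delay": "60s"
    }
  }
}
```

An alerting rule over the destination index can then fire when `distinct_countries` is greater than 1 for a host. Because that count covers every document the source matches, add a time-range `query` under `source` if only recent changes should raise an alert.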