Using Kibana Discovery and then Alerting is it possible to create an alert based on the count of a unique field value during a particular time period? For instance, in Splunk I can alarm a query such as this:
index=ct-inf host="cms-prod-app" sourcetype="ix-ixiasoft-ccms" "Unable to authenticate user" | stats count by username | where count >= 4
So if a particular username gets 4 authentication failures in a particular time period Splunk will send an alert.
Is this possible in Kibana?
I also set this up in a Data Table visualization and then tried to cut/paste the json request into a Kibana Monitor, but it did not get any hits as expected.