I am trying to find a query or filter to help me solve an issue. I have MFA logs coming into Elastic and I am trying to create an alert to let me know when an account authenticates using a phone number that is already used by another account. Is there a query or filter that I can use to achieve this search.