Hi,
I have network flow data which contains destination IP address, source IP address and tcp_flag fields. The tcp_flag field contains different values like
{
"tcp_flag":[ACK, SYN, RST]
}
I want to configure a job which looks for source IP addresses that are sending only "SYN" to the destination IP address.
So can I know what functions and field names (over_field, by_field, partition_field) have to be configured in the detector?
Thanks.
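The detection goal described in the post, worked through on constructed sample data as an added example (this is not part of the original post and not an Elastic ML job configuration). It assumes flow records are dictionaries with the field names source_ip, destination_ip and tcp_flag (a list of flag strings); both the record layout and the sample flows are assumptions for illustration. The logic groups flows per source/destination pair and per source, and reports those whose observed flag set is exactly {"SYN"}, so a source that ever also sends ACK or RST to that destination (i.e. completes or tears down a handshake) is excluded, as is a single record carrying SYN together with ACK.

```python
from collections import defaultdict

# Constructed sample flow records (not data from the original post).
# Field names are assumed: source_ip, destination_ip, tcp_flag (list of flags).
SAMPLE_FLOWS = [
    # 10.0.0.5 only ever sends bare SYNs, to two destinations: a half-open scan pattern.
    {"source_ip": "10.0.0.5", "destination_ip": "192.168.1.10", "tcp_flag": ["SYN"]},
    {"source_ip": "10.0.0.5", "destination_ip": "192.168.1.10", "tcp_flag": ["SYN"]},
    {"source_ip": "10.0.0.5", "destination_ip": "192.168.1.11", "tcp_flag": ["SYN"]},
    # 10.0.0.7 sends SYN and then ACK to the same destination: a normal handshake.
    {"source_ip": "10.0.0.7", "destination_ip": "192.168.1.10", "tcp_flag": ["SYN"]},
    {"source_ip": "10.0.0.7", "destination_ip": "192.168.1.10", "tcp_flag": ["ACK"]},
    # 10.0.0.9 sends SYN+ACK in one record and later RST: not SYN-only either.
    {"source_ip": "10.0.0.9", "destination_ip": "192.168.1.12", "tcp_flag": ["SYN", "ACK"]},
    {"source_ip": "10.0.0.9", "destination_ip": "192.168.1.12", "tcp_flag": ["RST"]},
]

SYN_ONLY = {"SYN"}


def _aggregate(flows, key_fn):
    """Collect the union of flags seen and the flow count for each key."""
    flags_seen = defaultdict(set)
    counts = defaultdict(int)
    for flow in flows:
        key = key_fn(flow)
        flags_seen[key].update(flow["tcp_flag"])
        counts[key] += 1
    return flags_seen, counts


def syn_only_pairs(flows, min_flows=1):
    """Return {(source_ip, destination_ip): flow_count} for pairs where every
    flow from that source to that destination carried only the SYN flag."""
    flags_seen, counts = _aggregate(
        flows, lambda f: (f["source_ip"], f["destination_ip"]))
    return {
        key: counts[key]
        for key, flags in flags_seen.items()
        if flags == SYN_ONLY and counts[key] >= min_flows
    }


def syn_only_sources(flows, min_flows=1):
    """Return {source_ip: flow_count} for sources whose flows, to any
    destination, never carried anything but SYN. Useful for spotting a
    scanner that spreads single SYNs across many destinations."""
    flags_seen, counts = _aggregate(flows, lambda f: f["source_ip"])
    return {
        src: counts[src]
        for src, flags in flags_seen.items()
        if flags == SYN_ONLY and counts[src] >= min_flows
    }


if __name__ == "__main__":
    print("SYN-only pairs:", syn_only_pairs(SAMPLE_FLOWS))
    print("SYN-only pairs (>=2 flows):", syn_only_pairs(SAMPLE_FLOWS, min_flows=2))
    print("SYN-only sources:", syn_only_sources(SAMPLE_FLOWS))
```

The min_flows threshold is there because a single stray SYN (a failed connection attempt) is ordinary; a source whose every flow over the analysis window is a bare SYN, repeated or spread over many destinations, is the behaviour worth alerting on. Whatever tool evaluates the real data, the grouping key (source, or source plus destination) is the decision the question is really about.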