[ threat intelligence ]: Display the number of alerts generated by a specific rule

Hello,

I would like to display in my canvas the number of alerts generated in the last 24 hours by a specific rule (a custom rule that I have created).

Could you please tell me how I can do that?

Best regards

I found the solution.
For all who wanna display the number of alerts for a specific rule, you can use this query:

SELECT COUNT(*) as TotalCount FROM ".siem-signals-default-*"
WHERE "@timestamp" > NOW() - INTERVAL 24 HOURS
AND signal.rule.name = 'NameOfYourRule'
