Skip to main content
Skip table of contents

Filters—Unique Values

This page uses adding filters to an AI Engine Rule as an example. The names of windows and setting options vary slightly depending on where you are creating or modifying a filter.

The Unique Values tab appears on all Unique Values AI Engine Rule blocks. It is used to detect when more than the number of unique occurrences you specify are observed.

In this example, the rule block will be evaluated when 50 or more logs with unique Hostname (Origin) values are observed in a 2 minute time span.

To detect Unique Values

  1. Select a Field.

    Group by fields cannot be used for Unique Values.

  2. Enter the number of Occurrences from 1 to 100.

  3. Enter the Time Limit from 1 minute to 30 days.

    A time limit greater than 24 hours may require significant system resources. Consider setting the Runtime Priority to Low for such rules.

The total number of Events that are generated can be limited by how you define Event Suppression on the Settings tab of the AI Engine Rule Wizard Tabs.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close