Filters—Unique Values
The Unique Values tab appears on all Unique Values AI Engine Rule blocks. It is used to detect when more than the number of unique occurrences you specify are observed.
In this example, the rule block will be evaluated when 50 or more logs with unique Hostname (Origin) values are observed in a 2-minute time span.
To detect Unique Values
- Select a Field.
  Group by fields cannot be used for Unique Values.
- Enter the number of Occurrences from 1 to 100.
- Enter the Time Limit from 1 minute to 30 days.
  A time limit greater than 24 hours may require significant system resources. Consider setting the Runtime Priority to Low for such rules.
The total number of Events that are generated can be limited by how you define Event Suppression on the Settings tab of the AI Engine Rule Wizard Tabs.
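The following sketch models the condition described above (50 unique Hostname (Origin) values in 2 minutes) so the effect of the Occurrences, Time Limit and Event Suppression settings can be seen on sample data. It is an added example, not the AI Engine's own code. The class and function names, the "threshold reached" comparison (taken from the "50 or more" example), the inclusive window boundary and the simple fixed suppression period are all assumptions.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

class UniqueValuesRule:
    """Illustrative model of a unique-values threshold over a sliding time window."""
    def __init__(self, occurrences, time_limit, suppression=timedelta(0)):
        if not 1 <= occurrences <= 100:
            raise ValueError("Occurrences must be from 1 to 100")
        if not timedelta(minutes=1) <= time_limit <= timedelta(days=30):
            raise ValueError("Time Limit must be from 1 minute to 30 days")
        self.occurrences = occurrences
        self.time_limit = time_limit
        self.suppression = suppression   # assumed: fixed quiet period after an event
        self.window = deque()            # (timestamp, value), in arrival order
        self.counts = Counter()          # value -> logs currently inside the window
        self.last_event = None

    def observe(self, ts, value):
        """Feed one log (timestamps must be non-decreasing); True if an event fires."""
        self.window.append((ts, value))
        self.counts[value] += 1
        # Evict logs older than the time limit; drop values with no logs left.
        while ts - self.window[0][0] > self.time_limit:
            _, old = self.window.popleft()
            self.counts[old] -= 1
            if self.counts[old] == 0:
                del self.counts[old]
        if len(self.counts) < self.occurrences:
            return False
        # Threshold met: emit at most one event per suppression period.
        if self.last_event is not None and ts - self.last_event < self.suppression:
            return False
        self.last_event = ts
        return True

def run(logs, rule):
    """Return the timestamps at which the rule generates an event."""
    return [ts for ts, host in logs if rule.observe(ts, host)]

def sample_logs(step_seconds=2):
    """Constructed sample: 60 distinct hosts, then 200 logs from a single host."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    logs = [(t0 + timedelta(seconds=step_seconds * i), f"host-{i:02d}") for i in range(60)]
    # High volume from one origin adds log count but only one unique value.
    logs += [(t0 + timedelta(minutes=10, seconds=i), "host-00") for i in range(200)]
    return logs

if __name__ == "__main__":
    rule = UniqueValuesRule(50, timedelta(minutes=2), suppression=timedelta(minutes=5))
    print(run(sample_logs(), rule))
```

With the suppression period set to zero, the same sample generates an event for every log received while the threshold remains met, which is the volume that Event Suppression is meant to limit.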