https://community.splunk.com/t5/Splunk-Search/How-to-write-SPL-for-DLP-alert-use-case-using-eval-in-Splunk-ES/m-p/638317#M221235 <P>Hi,<BR />Could anyone over here&nbsp; able to write an spl query for usecase in splunk ES like when single user triggers alert say other than dlp&nbsp; in between 2 hours of time more than 3 times,how to make &nbsp;a count for alert_name<BR />not for generic events, how to write this use case spl query using eval ?<BR /><BR /><BR /></P> Mon, 03 Apr 2023 20:00:35 GMT AL3Z 2023-04-03T20:00:35Z https://community.splunk.com/t5/Splunk-Search/How-to-write-SPL-for-DLP-alert-use-case-using-eval-in-Splunk-ES/m-p/638317#M221235 <P>Hi,<BR />Could anyone over here&nbsp; able to write an spl query for usecase in splunk ES like when single user triggers alert say other than dlp&nbsp; in between 2 hours of time more than 3 times,how to make &nbsp;a count for alert_name<BR />not for generic events, how to write this use case spl query using eval ?<BR /><BR /><BR /></P> Mon, 03 Apr 2023 20:00:35 GMT https://community.splunk.com/t5/Splunk-Search/How-to-write-SPL-for-DLP-alert-use-case-using-eval-in-Splunk-ES/m-p/638317#M221235 AL3Z 2023-04-03T20:00:35Z