How to create alert when user tried to access restricted website. I am able to create the alert but there are multiple users coming whereas my requirement is to trigger alert for each user separately
Hi
You should use "per result" Alert type.
https://docs.splunk.com/Documentation/Splunk/8.2.0/Alert/AlertTriggerConditions
r. Ismo