Hi,
How do I write a rule in Splunk to monitor a particular ID?
And another rule to monitor a particular IP address?
You can use conditional functions https://docs.splunk.com/Documentation/Splunk/8.0.1/SearchReference/ConditionalFunctions and create a report/alert from it.
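An added example, not part of the original answer, of what such a search could look like using the `case()` conditional function to label why each event matched. The index `main`, the field names `user_id` and `src_ip`, and the values `EXAMPLE_ID` and `192.0.2.10` are assumptions and placeholders to replace with your own; the inline notes use the `comment` macro that the Splunk 8.0.x documentation describes for annotating searches.

```spl
`comment("Assumed index, field names and placeholder values: replace with your own")`
index=main earliest=-15m (user_id="EXAMPLE_ID" OR src_ip="192.0.2.10")
`comment("Label each event with the reason it is on the watch list")`
| eval watch_reason=case(
    user_id=="EXAMPLE_ID" AND src_ip=="192.0.2.10", "watched ID from watched IP",
    user_id=="EXAMPLE_ID", "watched ID",
    src_ip=="192.0.2.10", "watched IP",
    true(), null())
| where isnotnull(watch_reason)
`comment("Events missing one of the fields would otherwise be dropped by the BY clause")`
| fillnull value="-" user_id src_ip
| stats count AS events, earliest(_time) AS first_seen, latest(_time) AS last_seen,
        values(sourcetype) AS sourcetypes BY watch_reason, user_id, src_ip
| convert ctime(first_seen) ctime(last_seen)
```

Saved as an alert on a 15-minute schedule with the trigger condition "number of results is greater than 0", this fires whenever the watched ID or IP appears; for two separate rules, keep only the ID term or only the IP term in the base search.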