@elastic/failed-logins
Get failed login attempts grouped by user or IP
RUN SKILL failed_logins()

With parameters:

RUN SKILL failed_logins WITH index_pattern = 'value', group_by = 'value', limit = 0

| Name | Type | Default | Description |
|---|---|---|---|
| index_pattern | STRING | — | Security events index pattern |
| group_by | STRING | — | Group by: user, source_ip, or both |
| limit | INT | — | Maximum results |
-- Using curl
curl -u elastic-admin:elastic-password http://localhost:9200/_escript \
-H "Content-Type: application/json" \
-d '{"query": "RUN SKILL failed_logins()"}'
-- Response
{
  "result": [...],
  "_meta": {
    "execution_id": "abc123",
    "duration_ms": 45
  }
}