Hello,
I have a query like so:
source=“some-source.log” MySearchQuery | stats count by user, host_name

which produces results like:

user         host_name      count
user1        host_name1      5
user2        host_name2      6
user1        host_name3      9
user3        host_name1      3
user3        host_name3      4 

My question is: how can I write a query to fire an alert when the sum of count for any user in the above table is greater than 10, e.g user1 here.