...
Description
This unit is a Processor unit.
A unit that signals the start and end of a batch of events, where a batch is considered to be a sequence of events that share a common value in a given field. This field is identified as the Input batch field value in the unit properties.
...
You can use the Batch Detector unit to get notified each time the value in the country column of the siem.logtrust.web.activity table changes. To do it, add a Devo Source unit to indicate the source table that will send the events. Then, connect it to the Batch Detector unit through its in input port. Finally, link the start output port of the unit to an Email Sink unit to get notified each time a new batch of events starts.
...
In the Batch Detector unit properties, you must select the country column of the table, whose values will be used to define the different batches.
...
📁 Download this example
You can try this flow by downloading this JSON and uploading it to your domain using the Import option:
...