Accepted Default Telnet Port Connection

(data_stream.dataset:(fortinet_fortigate.log or network_traffic.flow
        or sonicwall_firewall.log or suricata.eve or panw.panos)
    or event.category:(network or network_traffic))
    and event.type:(connection and not end) and not event.action:(
        flow_dropped or flow_denied or denied or deny or
        flow_terminated or timeout or Reject or network_flow)
    and destination.port:23