Hi All,
Our developer team is setting the application retry time = 0.
That means if an error occurs, we will receive so many alert mails.
Is there any function that can aggregate them into one mail or filter the same alert?
Hello,
Yes, but this depends on the configuration in the Event Definitions and the notification section.
For example, under the Filter & Aggregation section it depends on how these are set, as follows:
Search within the last
Then
Execute search every
That is tied into the Notification section under Notification Settings
You have a Grace Period.
Example
Search a specific stream with Search within the last: 30 minutes and Execute search every: 30 minutes.
So it searches the past 30 minutes and it executes every 30 minutes. Then there are the notification settings with Grace Period: once the alert goes off and sends an email, it will wait a specific amount of time before sending another alert.
Then you have the Aggregation section, which will fine-tune these events. For example count() > 0
Which states: if there are more than 0 messages in this stream, alert. This can be raised to a higher level if preferred.
Under the Aggregation settings it can “Summarize log messages matching the Filter defined by using a function. You can optionally group the Filter results by identical field values.” such as Source field or another unique field/s.
Not sure what setting that is, but I would suggest looking into Event Definition here
With the enterprise version you do have CORRELATION ENGINE as shown here; if you keep the amount under 2 Gb a day, it's free.
hope that helps
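
An added example, not part of the original posts and not Graylog code: a simplified Python model of how the settings described in the reply above (Search within the last, Execute search every, a `count() > 0` aggregation grouped by source, and Grace Period) reduce a burst of identical errors to a few notifications. It assumes the grace period is tracked per group key; the function names and sample messages are constructed for illustration.

```python
from collections import defaultdict

def simulate(messages, search_within, execute_every, grace_period, end, group_by=True):
    """Return the notifications a simplified event definition would send.

    messages: list of (minute, source); all durations are in minutes.
    Condition modelled: count() > 0 per window, optionally grouped by source.
    """
    last_sent = {}        # group key -> minute of the last notification
    notifications = []    # (minute, key, message count in the window)
    for now in range(execute_every, end + 1, execute_every):
        counts = defaultdict(int)
        for ts, source in messages:
            if now - search_within <= ts < now:
                counts[source if group_by else "*"] += 1
        for key, count in sorted(counts.items()):
            if count > 0:  # the aggregation condition from the reply
                previous = last_sent.get(key)
                if previous is not None and now - previous < grace_period:
                    continue  # still inside the grace period: suppressed
                last_sent[key] = now
                notifications.append((now, key, count))
    return notifications

# Constructed sample: app-a fails every minute for an hour (retry time = 0),
# app-b fails once at minute 40.
SAMPLE = [(m, "app-a") for m in range(60)] + [(40, "app-b")]

def demo():
    # 30-minute window, run every 30 minutes, 60-minute grace period.
    return simulate(SAMPLE, search_within=30, execute_every=30,
                    grace_period=60, end=120)

if __name__ == "__main__":
    for minute, key, count in demo():
        print(f"minute {minute}: notify for {key} ({count} messages)")
```

In this model the 61 sample messages produce two mails: one for app-a and one for app-b, while the second app-a window is suppressed by the grace period.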