Aggregate the same alerts into one mail

Hi All,

Our developer team set the application retry time = 0.
That means if an error occurs, we will receive so many alert mails.
Is there any function that can aggregate them into one mail or filter the same alert?


Hello,

Yes, but this depends on the configuration in the Event Definitions and the notification section.
For example, under the Filter & Aggregation section it depends on how these are set, as follows:

Search within the last
Then
Execute search every

That is tied into the Notification section under Notification Settings, where you have a Grace Period.

Example
Search a specific stream with Search within the last: 30 minutes and Execute search every: 30 minutes.

So it searches the past 30 minutes and executes every 30 minutes. Then there are the notification settings with Grace Period: once the alert goes off and sends an email, it will wait a specific amount of time before sending another alert.

Then you have the Aggregation section, which will fine-tune these events. For example, count() > 0,
which states that if there are more than 0 messages in this stream, alert. This can be raised to a higher level if preferred.

Under the Aggregation settings it can “Summarize log messages matching the Filter defined by using a function. You can optionally group the Filter results by identical field values.” such as the Source field or another unique field(s).

Not sure what setting that is, but I would suggest looking into Event Definitions here.

With the enterprise version you do have the CORRELATION ENGINE as shown here; if you keep the amount under 2 Gb a day, it's free.

Hope that helps.
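As an added illustration, not part of the original thread or of Graylog's own code, the Python simulation below shows how the settings discussed in the answer (Search within the last, Execute search every, Grace Period, and count() grouped by Source) collapse a retry storm into a handful of mails. The alert data is constructed, and the per-group grace period is a simplified assumption rather than Graylog's exact scheduler.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: an application with retry interval 0 re-raises the
# same error every 20 seconds for one hour from two hosts (120 messages from
# app-01, 60 from app-02), so per-message alerting would send 180 mails.
BASE = datetime(2024, 1, 1, 9, 0, 0)
ALERTS = [
    (BASE + timedelta(seconds=i), "app-02" if i % 60 == 0 else "app-01", "DB connection refused")
    for i in range(0, 3600, 20)
]
HALF_HOUR = timedelta(minutes=30)
ONE_HOUR = timedelta(minutes=60)
NO_GRACE = timedelta(0)


def windowed_notifications(alerts, search_window, execute_every, grace_period,
                           group_by_source=True, threshold=0):
    """Simplified model (an assumption, not Graylog's exact behaviour) of an
    event definition: every `execute_every` the last `search_window` of
    messages is searched, count() is taken per group (Source field, or the
    whole stream), a notification fires when count() > threshold, and the
    Grace Period suppresses another mail for the same group until it has
    elapsed. Returns one (run_time, group, count) tuple per mail sent."""
    first = min(ts for ts, _, _ in alerts)
    last = max(ts for ts, _, _ in alerts)
    last_sent = {}
    mails = []
    run_at = first + execute_every
    while run_at <= last + execute_every:
        counts = defaultdict(int)
        for ts, source, _ in alerts:
            if run_at - search_window <= ts < run_at:
                counts[source if group_by_source else "stream"] += 1
        for group, n in counts.items():
            if n <= threshold:
                continue
            sent = last_sent.get(group)
            if sent is None or run_at - sent >= grace_period:
                mails.append((run_at, group, n))
                last_sent[group] = run_at
        run_at += execute_every
    return mails


if __name__ == "__main__":
    print("per-message mails:", len(ALERTS))
    print("30 min window, grouped by source, no grace:",
          len(windowed_notifications(ALERTS, HALF_HOUR, HALF_HOUR, NO_GRACE)))
    print("same, whole stream:",
          len(windowed_notifications(ALERTS, HALF_HOUR, HALF_HOUR, NO_GRACE, group_by_source=False)))
    print("grouped by source, 60 min grace:",
          len(windowed_notifications(ALERTS, HALF_HOUR, HALF_HOUR, ONE_HOUR)))
```

With the constructed data, 180 per-message mails become 4 (one per host per 30-minute run), 2 when the whole stream is counted as one group, and 2 when a 60-minute Grace Period suppresses the second run's repeat for each host.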
