Graylog notification for alerts

Hi,

Hope you guys are doing well,

* If we get 5 alerts matching this category in 30 mins we want to get an email letting the admin know that too many alerts are being generated.

Thanks in advance

The way I have done that, and I'm not sure if it's perfect, is I set a filter & aggregation rule.

Search within the last 30 minutes
Execute search every 30 minutes
Event limit will be on how many matches you want.

You will then need to put it in a stream whereby it shows all the messages you want to alert on.
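An added illustration, not part of the original posts and not Graylog code: a small Python model of the schedule described above (search within the last 30 minutes, alert when the count reaches 5), run over constructed alert timestamps. It shows that executing the search every 30 minutes can miss a burst that straddles two runs, while executing it more often over the same 30-minute window catches it. The function name, sample times and the 5-minute interval are assumptions made for the example.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # "Search within the last 30 minutes"
THRESHOLD = 5                    # alert count that should trigger the admin email


def scheduled_checks(alerts, start, end, every):
    """Model a scheduled aggregation: at each run time, count the alerts in
    (run - WINDOW, run] and record the run if the count reaches THRESHOLD."""
    fired = []
    run = start + every
    while run <= end:
        count = sum(1 for t in alerts if run - WINDOW < t <= run)
        if count >= THRESHOLD:
            fired.append(run)
        run += every
    return fired


# Constructed sample data: minutes after 12:00.
T0 = datetime(2024, 1, 1, 12, 0)


def at(minutes):
    return T0 + timedelta(minutes=minutes)


# Five alerts that all fall between two consecutive 30-minute runs.
BURST_INSIDE = [at(m) for m in (5, 10, 15, 20, 25)]
# Five alerts within 16 minutes, but split across the 12:30 run.
BURST_STRADDLING = [at(m) for m in (22, 26, 29, 33, 38)]

if __name__ == "__main__":
    for name, alerts in (("inside", BURST_INSIDE), ("straddling", BURST_STRADDLING)):
        for every in (timedelta(minutes=30), timedelta(minutes=5)):
            runs = scheduled_checks(alerts, T0, at(60), every)
            times = [r.strftime("%H:%M") for r in runs]
            print(f"{name:10s} every {every}: fired at {times}")
```

With the shorter interval the same burst satisfies the condition on several consecutive runs, so the notification should be rate-limited to avoid repeated emails for one burst.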
